Lucene search

Veracode Vulnerability DatabaseVERACODE:44747

HistoryDec 19, 2023 - 9:12 a.m.

Prefix Truncation Attack (Terrapin Attack)

2023-12-1909:12:16

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

libssh

vulnerability

handshake phase

sequence numbers

ssh protocol

disabled security features

7.1 High

AI Score

Confidence

Low

0.962 High

EPSS

Percentile

99.5%

JSON

libssh is vulnerable to Terrapin attack. The vulnerability is due to mishandling of the handshake phase and sequence numbers in the SSH Binary Packet Protocol (BPP) with certain OpenSSH extensions. This allows an attacker to bypass integrity checks and omit packets during extension negotiation, and potentially leads to disabled security features in SSH connections.

CPENameOperatorVersion
golang.org/x/cryptolev0.16.0
libssh.sole4.9.5
libssh.sole4.8.7
libssh2.sole1.0.1-1.10.0-1.el8.x86_64.debug
paramikole3.3.1
jschle0.2.14
golang.org/x/cryptolev0.16.0
libssh.sole4.9.5
libssh.sole4.8.7
libssh2.sole1.0.1-1.10.0-1.el8.x86_64.debug

Name	Operator	Version
golang.org/x/crypto	le	v0.16.0
libssh.so	le	4.9.5
libssh.so	le	4.8.7
libssh2.so	le	1.0.1-1.10.0-1.el8.x86_64.debug
paramiko	le	3.3.1
jsch	le	0.2.14
golang.org/x/crypto	le	v0.16.0
libssh.so	le	4.9.5
libssh.so	le	4.8.7
libssh2.so	le	1.0.1-1.10.0-1.el8.x86_64.debug

Rows per page:

1-10 of 121

References

packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html

seclists.org/fulldisclosure/2024/Mar/21

www.openwall.com/lists/oss-security/2023/12/18/3

www.openwall.com/lists/oss-security/2023/12/19/5

www.openwall.com/lists/oss-security/2023/12/20/3

www.openwall.com/lists/oss-security/2024/03/06/3

www.openwall.com/lists/oss-security/2024/04/17/8

access.redhat.com/security/cve/cve-2023-48795

arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/

bugs.gentoo.org/920280

bugzilla.redhat.com/show_bug.cgi?id=2254210

bugzilla.suse.com/show_bug.cgi?id=1217950

crates.io/crates/thrussh/versions

filezilla-project.org/versions.php

forum.netgate.com/topic/184941/terrapin-ssh-attack

git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6

github.com/advisories/GHSA-45x7-px36-x8w8

github.com/apache/mina-sshd/issues/445

github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab

github.com/connectbot/sshlib/compare/2.2.21...2.2.22

github.com/cyd01/KiTTY/issues/520

github.com/drakkan/sftpgo/releases/tag/v2.5.6

github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42

github.com/erlang/otp/releases/tag/OTP-26.2.1

github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d

github.com/hierynomus/sshj/issues/916

github.com/janmojzis/tinyssh/issues/81

github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5

github.com/libssh2/libssh2/commit/d34d9258b8420b19ec3f97b4cc5bf7aa7d98e35a

github.com/libssh2/libssh2/issues/1290

github.com/libssh2/libssh2/pull/1291

github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25

github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3

github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15

github.com/mwiede/jsch/issues/457

github.com/mwiede/jsch/pull/461

github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16

github.com/NixOS/nixpkgs/pull/275249

github.com/openssh/openssh-portable/commits/master

github.com/paramiko/paramiko/commit/96db1e2be856eac66631761bae41167a1ebd2b4e

github.com/paramiko/paramiko/issues/2337

github.com/PowerShell/Win32-OpenSSH/issues/2189

github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta

github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES

github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES

github.com/proftpd/proftpd/blob/master/RELEASE_NOTES

github.com/proftpd/proftpd/issues/456

github.com/rapier1/hpn-ssh/releases

github.com/ronf/asyncssh/blob/develop/docs/changes.rst

github.com/ronf/asyncssh/commit/0bc73254f41acb140187e0c89606311f88de5b7b

github.com/ronf/asyncssh/tags

github.com/ssh-mitm/ssh-mitm/issues/165

github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0

github.com/TeraTermProject/teraterm/releases/tag/v5.1

github.com/warp-tech/russh/releases/tag/v0.40.2

gitlab.com/libssh/libssh-mirror/-/tags

groups.google.com/g/golang-announce/c/-n5WqVC18LQ

groups.google.com/g/golang-announce/c/qA3XtxvMUyg

help.panic.com/releasenotes/transmit5/

jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/

lists.debian.org/debian-lts-announce/2023/12/msg00017.html

lists.debian.org/debian-lts-announce/2024/01/msg00013.html

lists.debian.org/debian-lts-announce/2024/01/msg00014.html

lists.debian.org/debian-lts-announce/2024/04/msg00016.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/

matt.ucc.asn.au/dropbear/CHANGES

nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC

news.ycombinator.com/item?id=38684904

news.ycombinator.com/item?id=38685286

news.ycombinator.com/item?id=38732005

nova.app/releases/#v11.8

oryx-embedded.com/download/#changelog

psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002

roumenpetrov.info/secsh/#news20231220

security-tracker.debian.org/tracker/CVE-2023-48795

security-tracker.debian.org/tracker/source-package/libssh2

security-tracker.debian.org/tracker/source-package/proftpd-dfsg

security-tracker.debian.org/tracker/source-package/trilead-ssh2

security.gentoo.org/glsa/202312-16

security.gentoo.org/glsa/202312-17

security.netapp.com/advisory/ntap-20240105-0004/

support.apple.com/kb/HT214084

thorntech.com/cve-2023-48795-and-sftp-gateway/

twitter.com/TrueSkrillor/status/1736774389725565005

ubuntu.com/security/CVE-2023-48795

winscp.net/eng/docs/history#6.2.2

www.bitvise.com/ssh-client-version-history#933

www.bitvise.com/ssh-server-version-history

www.chiark.greenend.org.uk/~sgtatham/putty/changes.html

www.crushftp.com/crush10wiki/Wiki.jsp?page=Update

www.debian.org/security/2023/dsa-5586

www.debian.org/security/2023/dsa-5588

www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc

www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508

www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/

www.libssh.org/security/advisories/CVE-2023-48795.txt

www.netsarang.com/en/xshell-update-history/

www.openssh.com/openbsd.html

www.openssh.com/txt/release-9.6

www.openwall.com/lists/oss-security/2023/12/18/2

www.openwall.com/lists/oss-security/2023/12/20/3

www.paramiko.org/changelog.html

www.paramiko.org/changelog.html#3.4.0

www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/

www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/

www.terrapin-attack.com

www.theregister.com/2023/12/20/terrapin_attack_ssh

www.vandyke.com/products/securecrt/history.txt