CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
AI Score
Confidence: High
EPSS
Percentile: 35.0%
libssh is vulnerable to Denial of Service (DoS). The abstraction layer for message digest (MD) operations, which is implemented by the different supported crypto backends, does not properly validate and check return values. This could lead to low-memory failures and potentially to a Denial of Service (DoS), resulting in dropped connections.
access.redhat.com/errata/RHSA-2024:2504
access.redhat.com/errata/RHSA-2024:3233
access.redhat.com/security/cve/CVE-2023-6918
bugzilla.redhat.com/show_bug.cgi?id=2254997
lists.fedoraproject.org/archives/list/[email protected]/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/
lists.fedoraproject.org/archives/list/[email protected]/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/
www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/
www.libssh.org/security/advisories/CVE-2023-6918.txt