{ "document": { "aggregate_severity": { "text": "Medium" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/rhel7els/vex/2023/cve-2023-48795-els_os-rhel7els.json" } ], "tracking": { "current_release_date": "2026-04-17T16:04:25Z", "generator": { "date": "2026-04-17T16:04:25Z", "engine": { "name": "pyCSAF" } }, "id": "CVE-2023-48795-ELS_OS-RHEL7ELS", "initial_release_date": "2023-12-18T16:15:00Z", "revision_history": [ { "date": "2023-12-18T16:15:00Z", "number": "1", "summary": "Initial version" }, { "date": "2026-04-17T16:04:25Z", "number": "2", "summary": "Official Publication" } ], "status": "final", "version": "2" }, "title": "Security update on CVE-2023-48795" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux 7", "product": { "name": "Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7", "product_identification_helper": { "cpe": "cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" } ], "category": "vendor", "name": "Red Hat, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "openssh-ldap-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "product": { "name": "openssh-ldap-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "product_id": "openssh-ldap-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssh-ldap@7.4p1-23.0.3.el7_9.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "openssh-ldap-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "product": { "name": "openssh-ldap-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "product_id": "openssh-ldap-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssh-ldap@7.4p1-23.0.3.el7_9.tuxcare.els3?arch=x86_64" } } }, { "category": "product_version", "name": "pam_ssh_agent_auth-0:0.10.3-2.23.0.3.el7_9.tuxcare.els3.x86_64", "product": { "name": "pam_ssh_agent_auth-0:0.10.3-2.23.0.3.el7_9.tuxcare.els3.x86_64", "product_id": "pam_ssh_agent_auth-0:0.10.3-2.23.0.3.el7_9.tuxcare.els3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/pam_ssh_agent_auth@0.10.3-2.23.0.3.el7_9.tuxcare.els3?arch=x86_64" } } }, { "category": "product_version", "name": "pam_ssh_agent_auth-0:0.10.3-2.23.0.3.el7_9.tuxcare.els2.x86_64", "product": { "name": "pam_ssh_agent_auth-0:0.10.3-2.23.0.3.el7_9.tuxcare.els2.x86_64", "product_id": "pam_ssh_agent_auth-0:0.10.3-2.23.0.3.el7_9.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/pam_ssh_agent_auth@0.10.3-2.23.0.3.el7_9.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "openssh-server-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "product": { "name": "openssh-server-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "product_id": "openssh-server-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssh-server@7.4p1-23.0.3.el7_9.tuxcare.els3?arch=x86_64" } } }, { "category": "product_version", "name": "openssh-server-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "product": { "name": "openssh-server-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "product_id": "openssh-server-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssh-server@7.4p1-23.0.3.el7_9.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "openssh-keycat-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "product": { "name": "openssh-keycat-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "product_id": "openssh-keycat-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssh-keycat@7.4p1-23.0.3.el7_9.tuxcare.els3?arch=x86_64" } } }, { "category": "product_version", "name": "openssh-keycat-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "product": { "name": "openssh-keycat-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "product_id": "openssh-keycat-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssh-keycat@7.4p1-23.0.3.el7_9.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "openssh-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "product": { "name": "openssh-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "product_id": "openssh-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssh@7.4p1-23.0.3.el7_9.tuxcare.els3?arch=x86_64" } } }, { "category": "product_version", "name": "openssh-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "product": { "name": "openssh-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "product_id": "openssh-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssh@7.4p1-23.0.3.el7_9.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "openssh-askpass-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "product": { "name": "openssh-askpass-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "product_id": "openssh-askpass-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssh-askpass@7.4p1-23.0.3.el7_9.tuxcare.els3?arch=x86_64" } } }, { "category": "product_version", "name": "openssh-askpass-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "product": { "name": "openssh-askpass-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "product_id": "openssh-askpass-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssh-askpass@7.4p1-23.0.3.el7_9.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "openssh-cavs-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "product": { "name": "openssh-cavs-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "product_id": "openssh-cavs-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssh-cavs@7.4p1-23.0.3.el7_9.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "openssh-cavs-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "product": { "name": "openssh-cavs-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "product_id": "openssh-cavs-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssh-cavs@7.4p1-23.0.3.el7_9.tuxcare.els3?arch=x86_64" } } }, { "category": "product_version", "name": "openssh-server-sysvinit-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "product": { "name": "openssh-server-sysvinit-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "product_id": "openssh-server-sysvinit-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssh-server-sysvinit@7.4p1-23.0.3.el7_9.tuxcare.els3?arch=x86_64" } } }, { "category": "product_version", "name": "openssh-server-sysvinit-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "product": { "name": "openssh-server-sysvinit-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "product_id": "openssh-server-sysvinit-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssh-server-sysvinit@7.4p1-23.0.3.el7_9.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "openssh-clients-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "product": { "name": "openssh-clients-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "product_id": "openssh-clients-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssh-clients@7.4p1-23.0.3.el7_9.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "openssh-clients-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "product": { "name": "openssh-clients-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "product_id": "openssh-clients-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssh-clients@7.4p1-23.0.3.el7_9.tuxcare.els3?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "pam_ssh_agent_auth-0:0.10.3-2.23.0.3.el7_9.tuxcare.els3.i686", "product": { "name": "pam_ssh_agent_auth-0:0.10.3-2.23.0.3.el7_9.tuxcare.els3.i686", "product_id": "pam_ssh_agent_auth-0:0.10.3-2.23.0.3.el7_9.tuxcare.els3.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/pam_ssh_agent_auth@0.10.3-2.23.0.3.el7_9.tuxcare.els3?arch=i686" } } }, { "category": "product_version", "name": "pam_ssh_agent_auth-0:0.10.3-2.23.0.3.el7_9.tuxcare.els2.i686", "product": { "name": "pam_ssh_agent_auth-0:0.10.3-2.23.0.3.el7_9.tuxcare.els2.i686", "product_id": "pam_ssh_agent_auth-0:0.10.3-2.23.0.3.el7_9.tuxcare.els2.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/pam_ssh_agent_auth@0.10.3-2.23.0.3.el7_9.tuxcare.els2?arch=i686" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openssh-ldap-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:openssh-ldap-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64" }, "product_reference": "openssh-ldap-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "openssh-ldap-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:openssh-ldap-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64" }, "product_reference": "openssh-ldap-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "pam_ssh_agent_auth-0:0.10.3-2.23.0.3.el7_9.tuxcare.els3.i686 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:pam_ssh_agent_auth-0:0.10.3-2.23.0.3.el7_9.tuxcare.els3.i686" }, "product_reference": "pam_ssh_agent_auth-0:0.10.3-2.23.0.3.el7_9.tuxcare.els3.i686", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "pam_ssh_agent_auth-0:0.10.3-2.23.0.3.el7_9.tuxcare.els3.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:pam_ssh_agent_auth-0:0.10.3-2.23.0.3.el7_9.tuxcare.els3.x86_64" }, "product_reference": "pam_ssh_agent_auth-0:0.10.3-2.23.0.3.el7_9.tuxcare.els3.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "pam_ssh_agent_auth-0:0.10.3-2.23.0.3.el7_9.tuxcare.els2.i686 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:pam_ssh_agent_auth-0:0.10.3-2.23.0.3.el7_9.tuxcare.els2.i686" }, "product_reference": "pam_ssh_agent_auth-0:0.10.3-2.23.0.3.el7_9.tuxcare.els2.i686", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "pam_ssh_agent_auth-0:0.10.3-2.23.0.3.el7_9.tuxcare.els2.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:pam_ssh_agent_auth-0:0.10.3-2.23.0.3.el7_9.tuxcare.els2.x86_64" }, "product_reference": "pam_ssh_agent_auth-0:0.10.3-2.23.0.3.el7_9.tuxcare.els2.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "openssh-server-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:openssh-server-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64" }, "product_reference": "openssh-server-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "openssh-server-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:openssh-server-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64" }, "product_reference": "openssh-server-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "openssh-keycat-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:openssh-keycat-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64" }, "product_reference": "openssh-keycat-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "openssh-keycat-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:openssh-keycat-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64" }, "product_reference": "openssh-keycat-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "openssh-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:openssh-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64" }, "product_reference": "openssh-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "openssh-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:openssh-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64" }, "product_reference": "openssh-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "openssh-askpass-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:openssh-askpass-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64" }, "product_reference": "openssh-askpass-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "openssh-askpass-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:openssh-askpass-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64" }, "product_reference": "openssh-askpass-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "openssh-cavs-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:openssh-cavs-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64" }, "product_reference": "openssh-cavs-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "openssh-cavs-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:openssh-cavs-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64" }, "product_reference": "openssh-cavs-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "openssh-server-sysvinit-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:openssh-server-sysvinit-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64" }, "product_reference": "openssh-server-sysvinit-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "openssh-server-sysvinit-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:openssh-server-sysvinit-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64" }, "product_reference": "openssh-server-sysvinit-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "openssh-clients-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:openssh-clients-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64" }, "product_reference": "openssh-clients-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "openssh-clients-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:openssh-clients-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64" }, "product_reference": "openssh-clients-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "relates_to_product_reference": "Red-Hat-7" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-48795", "cwe": { "id": "CWE-354", "name": "Improper Validation of Integrity Check Value" }, "notes": [ { "category": "description", "text": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "under_investigation": [ "Red-Hat-7:openssh-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "Red-Hat-7:openssh-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "Red-Hat-7:openssh-askpass-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "Red-Hat-7:openssh-askpass-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "Red-Hat-7:openssh-cavs-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "Red-Hat-7:openssh-cavs-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "Red-Hat-7:openssh-clients-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "Red-Hat-7:openssh-clients-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "Red-Hat-7:openssh-keycat-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "Red-Hat-7:openssh-keycat-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "Red-Hat-7:openssh-ldap-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "Red-Hat-7:openssh-ldap-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "Red-Hat-7:openssh-server-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "Red-Hat-7:openssh-server-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "Red-Hat-7:openssh-server-sysvinit-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "Red-Hat-7:openssh-server-sysvinit-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "Red-Hat-7:pam_ssh_agent_auth-0:0.10.3-2.23.0.3.el7_9.tuxcare.els2.i686", "Red-Hat-7:pam_ssh_agent_auth-0:0.10.3-2.23.0.3.el7_9.tuxcare.els2.x86_64", "Red-Hat-7:pam_ssh_agent_auth-0:0.10.3-2.23.0.3.el7_9.tuxcare.els3.i686", "Red-Hat-7:pam_ssh_agent_auth-0:0.10.3-2.23.0.3.el7_9.tuxcare.els3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-48795" }, { "category": "external", "summary": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html", "url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2024/Mar/21", "url": "http://seclists.org/fulldisclosure/2024/Mar/21" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2023/12/18/3", "url": "http://www.openwall.com/lists/oss-security/2023/12/18/3" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2023/12/19/5", "url": "http://www.openwall.com/lists/oss-security/2023/12/19/5" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2023/12/20/3", "url": "http://www.openwall.com/lists/oss-security/2023/12/20/3" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/03/06/3", "url": "http://www.openwall.com/lists/oss-security/2024/03/06/3" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/04/17/8", "url": "http://www.openwall.com/lists/oss-security/2024/04/17/8" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/cve-2023-48795", "url": "https://access.redhat.com/security/cve/cve-2023-48795" }, { "category": "external", "summary": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/", "url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/" }, { "category": "external", "summary": "https://bugs.gentoo.org/920280", "url": "https://bugs.gentoo.org/920280" }, { "category": "external", "summary": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "category": "external", "summary": "https://bugzilla.suse.com/show_bug.cgi?id=1217950", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950" }, { "category": "external", "summary": "https://crates.io/crates/thrussh/versions", "url": "https://crates.io/crates/thrussh/versions" }, { "category": "external", "summary": "https://filezilla-project.org/versions.php", "url": "https://filezilla-project.org/versions.php" }, { "category": "external", "summary": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack", "url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack" }, { "category": "external", "summary": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6", "url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6" }, { "category": "external", "summary": "https://github.com/NixOS/nixpkgs/pull/275249", "url": "https://github.com/NixOS/nixpkgs/pull/275249" }, { "category": "external", "summary": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189", "url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189" }, { "category": "external", "summary": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta", "url": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta" }, { "category": "external", "summary": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0", "url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0" }, { "category": "external", "summary": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1", "url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-45x7-px36-x8w8", "url": "https://github.com/advisories/GHSA-45x7-px36-x8w8" }, { "category": "external", "summary": "https://github.com/apache/mina-sshd/issues/445", "url": "https://github.com/apache/mina-sshd/issues/445" }, { "category": "external", "summary": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab", "url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab" }, { "category": "external", "summary": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22", "url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22" }, { "category": "external", "summary": "https://github.com/cyd01/KiTTY/issues/520", "url": "https://github.com/cyd01/KiTTY/issues/520" }, { "category": "external", "summary": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6", "url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6" }, { "category": "external", "summary": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42", "url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42" }, { "category": "external", "summary": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1", "url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1" }, { "category": "external", "summary": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d", "url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d" }, { "category": "external", "summary": "https://github.com/hierynomus/sshj/issues/916", "url": "https://github.com/hierynomus/sshj/issues/916" }, { "category": "external", "summary": "https://github.com/janmojzis/tinyssh/issues/81", "url": "https://github.com/janmojzis/tinyssh/issues/81" }, { "category": "external", "summary": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5", "url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5" }, { "category": "external", "summary": "https://github.com/libssh2/libssh2/pull/1291", "url": "https://github.com/libssh2/libssh2/pull/1291" }, { "category": "external", "summary": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25", "url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25" }, { "category": "external", "summary": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3", "url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3" }, { "category": "external", "summary": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15", "url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15" }, { "category": "external", "summary": "https://github.com/mwiede/jsch/issues/457", "url": "https://github.com/mwiede/jsch/issues/457" }, { "category": "external", "summary": "https://github.com/mwiede/jsch/pull/461", "url": "https://github.com/mwiede/jsch/pull/461" }, { "category": "external", "summary": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16", "url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16" }, { "category": "external", "summary": "https://github.com/openssh/openssh-portable/commits/master", "url": "https://github.com/openssh/openssh-portable/commits/master" }, { "category": "external", "summary": "https://github.com/paramiko/paramiko/issues/2337", "url": "https://github.com/paramiko/paramiko/issues/2337" }, { "category": "external", "summary": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES", "url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES" }, { "category": "external", "summary": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES", "url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES" }, { "category": "external", "summary": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES", "url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES" }, { "category": "external", "summary": "https://github.com/proftpd/proftpd/issues/456", "url": "https://github.com/proftpd/proftpd/issues/456" }, { "category": "external", "summary": "https://github.com/rapier1/hpn-ssh/releases", "url": "https://github.com/rapier1/hpn-ssh/releases" }, { "category": "external", "summary": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst", "url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst" }, { "category": "external", "summary": "https://github.com/ronf/asyncssh/tags", "url": "https://github.com/ronf/asyncssh/tags" }, { "category": "external", "summary": "https://github.com/ssh-mitm/ssh-mitm/issues/165", "url": "https://github.com/ssh-mitm/ssh-mitm/issues/165" }, { "category": "external", "summary": "https://github.com/warp-tech/russh/releases/tag/v0.40.2", "url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2" }, { "category": "external", "summary": "https://gitlab.com/libssh/libssh-mirror/-/tags", "url": "https://gitlab.com/libssh/libssh-mirror/-/tags" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ", "url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg", "url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg" }, { "category": "external", "summary": "https://help.panic.com/releasenotes/transmit5/", "url": "https://help.panic.com/releasenotes/transmit5/" }, { "category": "external", "summary": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/", "url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html", "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html", "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html", "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html", "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/" }, { "category": "external", "summary": "https://matt.ucc.asn.au/dropbear/CHANGES", "url": "https://matt.ucc.asn.au/dropbear/CHANGES" }, { "category": "external", "summary": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC", "url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC" }, { "category": "external", "summary": "https://news.ycombinator.com/item?id=38684904", "url": "https://news.ycombinator.com/item?id=38684904" }, { "category": "external", "summary": "https://news.ycombinator.com/item?id=38685286", "url": "https://news.ycombinator.com/item?id=38685286" }, { "category": "external", "summary": "https://news.ycombinator.com/item?id=38732005", "url": "https://news.ycombinator.com/item?id=38732005" }, { "category": "external", "summary": "https://nova.app/releases/#v11.8", "url": "https://nova.app/releases/#v11.8" }, { "category": "external", "summary": "https://oryx-embedded.com/download/#changelog", "url": "https://oryx-embedded.com/download/#changelog" }, { "category": "external", "summary": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002", "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002" }, { "category": "external", "summary": "https://roumenpetrov.info/secsh/#news20231220", "url": "https://roumenpetrov.info/secsh/#news20231220" }, { "category": "external", "summary": "https://security-tracker.debian.org/tracker/CVE-2023-48795", "url": "https://security-tracker.debian.org/tracker/CVE-2023-48795" }, { "category": "external", "summary": "https://security-tracker.debian.org/tracker/source-package/libssh2", "url": "https://security-tracker.debian.org/tracker/source-package/libssh2" }, { "category": "external", "summary": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg", "url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg" }, { "category": "external", "summary": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2", "url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202312-16", "url": "https://security.gentoo.org/glsa/202312-16" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202312-17", "url": "https://security.gentoo.org/glsa/202312-17" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20240105-0004/", "url": "https://security.netapp.com/advisory/ntap-20240105-0004/" }, { "category": "external", "summary": "https://support.apple.com/kb/HT214084", "url": "https://support.apple.com/kb/HT214084" }, { "category": "external", "summary": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/", "url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/" }, { "category": "external", "summary": "https://twitter.com/TrueSkrillor/status/1736774389725565005", "url": "https://twitter.com/TrueSkrillor/status/1736774389725565005" }, { "category": "external", "summary": "https://ubuntu.com/security/CVE-2023-48795", "url": "https://ubuntu.com/security/CVE-2023-48795" }, { "category": "external", "summary": "https://winscp.net/eng/docs/history#6.2.2", "url": "https://winscp.net/eng/docs/history#6.2.2" }, { "category": "external", "summary": "https://www.bitvise.com/ssh-client-version-history#933", "url": "https://www.bitvise.com/ssh-client-version-history#933" }, { "category": "external", "summary": "https://www.bitvise.com/ssh-server-version-history", "url": "https://www.bitvise.com/ssh-server-version-history" }, { "category": "external", "summary": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html", "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html" }, { "category": "external", "summary": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update", "url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update" }, { "category": "external", "summary": "https://www.debian.org/security/2023/dsa-5586", "url": "https://www.debian.org/security/2023/dsa-5586" }, { "category": "external", "summary": "https://www.debian.org/security/2023/dsa-5588", "url": "https://www.debian.org/security/2023/dsa-5588" }, { "category": "external", "summary": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc" }, { "category": "external", "summary": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508", "url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508" }, { "category": "external", "summary": "https://www.netsarang.com/en/xshell-update-history/", "url": "https://www.netsarang.com/en/xshell-update-history/" }, { "category": "external", "summary": "https://www.openssh.com/openbsd.html", "url": "https://www.openssh.com/openbsd.html" }, { "category": "external", "summary": "https://www.openssh.com/txt/release-9.6", "url": "https://www.openssh.com/txt/release-9.6" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2023/12/18/2", "url": "https://www.openwall.com/lists/oss-security/2023/12/18/2" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2023/12/20/3", "url": "https://www.openwall.com/lists/oss-security/2023/12/20/3" }, { "category": "external", "summary": "https://www.paramiko.org/changelog.html", "url": "https://www.paramiko.org/changelog.html" }, { "category": "external", "summary": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/", "url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/" }, { "category": "external", "summary": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/", "url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/" }, { "category": "external", "summary": "https://www.terrapin-attack.com", "url": "https://www.terrapin-attack.com/" }, { "category": "external", "summary": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh", "url": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh" }, { "category": "external", "summary": "https://www.vandyke.com/products/securecrt/history.txt", "url": "https://www.vandyke.com/products/securecrt/history.txt" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html", "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html", "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html", "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/" }, { "category": "external", "summary": "https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit", "url": "https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit" }, { "category": "external", "summary": "https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability", "url": "https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability" } ], "release_date": "2023-12-18T16:15:00Z", "remediations": [ { "category": "none_available", "details": "Affected", "product_ids": [ "Red-Hat-7:openssh-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "Red-Hat-7:openssh-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "Red-Hat-7:openssh-askpass-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "Red-Hat-7:openssh-askpass-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "Red-Hat-7:openssh-cavs-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "Red-Hat-7:openssh-cavs-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "Red-Hat-7:openssh-clients-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "Red-Hat-7:openssh-clients-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "Red-Hat-7:openssh-keycat-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "Red-Hat-7:openssh-keycat-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "Red-Hat-7:openssh-ldap-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "Red-Hat-7:openssh-ldap-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "Red-Hat-7:openssh-server-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "Red-Hat-7:openssh-server-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "Red-Hat-7:openssh-server-sysvinit-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "Red-Hat-7:openssh-server-sysvinit-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "Red-Hat-7:pam_ssh_agent_auth-0:0.10.3-2.23.0.3.el7_9.tuxcare.els2.i686", "Red-Hat-7:pam_ssh_agent_auth-0:0.10.3-2.23.0.3.el7_9.tuxcare.els2.x86_64", "Red-Hat-7:pam_ssh_agent_auth-0:0.10.3-2.23.0.3.el7_9.tuxcare.els3.i686", "Red-Hat-7:pam_ssh_agent_auth-0:0.10.3-2.23.0.3.el7_9.tuxcare.els3.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red-Hat-7:openssh-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "Red-Hat-7:openssh-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "Red-Hat-7:openssh-askpass-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "Red-Hat-7:openssh-askpass-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "Red-Hat-7:openssh-cavs-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "Red-Hat-7:openssh-cavs-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "Red-Hat-7:openssh-clients-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "Red-Hat-7:openssh-clients-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "Red-Hat-7:openssh-keycat-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "Red-Hat-7:openssh-keycat-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "Red-Hat-7:openssh-ldap-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "Red-Hat-7:openssh-ldap-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "Red-Hat-7:openssh-server-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "Red-Hat-7:openssh-server-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "Red-Hat-7:openssh-server-sysvinit-0:7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64", "Red-Hat-7:openssh-server-sysvinit-0:7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64", "Red-Hat-7:pam_ssh_agent_auth-0:0.10.3-2.23.0.3.el7_9.tuxcare.els2.i686", "Red-Hat-7:pam_ssh_agent_auth-0:0.10.3-2.23.0.3.el7_9.tuxcare.els2.x86_64", "Red-Hat-7:pam_ssh_agent_auth-0:0.10.3-2.23.0.3.el7_9.tuxcare.els3.i686", "Red-Hat-7:pam_ssh_agent_auth-0:0.10.3-2.23.0.3.el7_9.tuxcare.els3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] } ] }