An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Extension Negotiation."
References
Configurations
History
22 Dec 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Dec 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
18 Dec 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | (en) An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Extension Negotiation." |
26 Nov 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 Nov 2023, 16:05
Type | Values Removed | Values Added |
---|---|---|
First Time |
Asyncssh Project
Asyncssh Project asyncssh |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.9 |
CPE | cpe:2.3:a:asyncssh_project:asyncssh:*:*:*:*:*:*:*:* | |
CWE | CWE-345 | |
References | () https://github.com/ronf/asyncssh/security/advisories/GHSA-cfc2-wr2v-gxm5 - Third Party Advisory |
14 Nov 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-14 03:15
Updated : 2023-12-22 20:15
NVD link : CVE-2023-46445
Mitre link : CVE-2023-46445
CVE.ORG link : CVE-2023-46445
JSON object : View
Products Affected
asyncssh_project
- asyncssh
CWE
CWE-345
Insufficient Verification of Data Authenticity