A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2024:2504 | |
https://access.redhat.com/security/cve/CVE-2023-6918 | Mailing List Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2254997 | Issue Tracking Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/ | Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/ | Mailing List Vendor Advisory |
https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/ | Release Notes |
https://www.libssh.org/security/advisories/CVE-2023-6918.txt | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
30 Apr 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Jan 2024, 16:14
Type | Values Removed | Values Added |
---|---|---|
First Time |
Fedoraproject
Fedoraproject fedora |
|
CPE | cpe:2.3:a:libssh:libssh:-:*:*:*:*:*:*:* cpe:2.3:a:libssh2:libssh2:-:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* |
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* |
References | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/ - Third Party Advisory |
10 Jan 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Jan 2024, 20:21
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.libssh.org/security/advisories/CVE-2023-6918.txt - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
03 Jan 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Jan 2024, 16:00
Type | Values Removed | Values Added |
---|---|---|
First Time |
Redhat enterprise Linux
Libssh libssh Redhat Libssh Libssh2 Libssh2 libssh2 |
|
CPE | cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* cpe:2.3:a:libssh:libssh:-:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:* cpe:2.3:a:libssh2:libssh2:-:*:*:*:*:*:*:* |
|
References | () https://access.redhat.com/security/cve/CVE-2023-6918 - Mailing List, Vendor Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2254997 - Issue Tracking, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/ - Mailing List, Vendor Advisory | |
References | () https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/ - Release Notes | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.1 |
22 Dec 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References |
|
19 Dec 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-19 00:15
Updated : 2024-04-30 15:15
NVD link : CVE-2023-6918
Mitre link : CVE-2023-6918
CVE.ORG link : CVE-2023-6918
JSON object : View
Products Affected
redhat
- enterprise_linux
libssh
- libssh
fedoraproject
- fedora
CWE
CWE-252
Unchecked Return Value