CVE-2023-6918
LOW
3.7
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: low
Description
A flaw was found in the abstraction layer that libssh uses for message digest (MD) operations, which is implemented by each of the supported crypto backends. The return values of these operations were not checked, so under low-memory conditions a failed digest call could lead to NULL dereferences, crashes, or use of uninitialized memory as input to the key derivation function (KDF). In the KDF case the two sides derive non-matching keys, which results in decryption/integrity failures and terminates the connection.
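The failure mode described above, as an added illustration that is not libssh's code: a toy digest abstraction layer whose backend can fail, a KDF that ignores the backend's return values (the CWE-252 pattern) beside one that checks them. All names (md_ctx, md_init, md_update, md_final, kdf_unchecked, kdf_checked, g_backend_fail) are hypothetical, the hash is FNV-1a standing in for a real MD, and the secret is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example, not libssh's API: a toy MD abstraction layer whose
   backend can fail, standing in for an allocation failure in a real
   crypto library. The hash is FNV-1a, not a real message digest. */
#define DIGEST_LEN 8

static int g_backend_fail = 0;   /* 1 = simulate low-memory failure in the backend */

typedef struct { uint64_t state; int initialized; } md_ctx;

/* Each backend call reports success (1) or failure (0). */
static int md_init(md_ctx *ctx)
{
    if (g_backend_fail)
        return 0;                        /* "allocation" failed */
    ctx->state = 0xcbf29ce484222325ULL;  /* FNV-1a offset basis */
    ctx->initialized = 1;
    return 1;
}

static int md_update(md_ctx *ctx, const uint8_t *data, size_t len)
{
    if (!ctx->initialized)
        return 0;
    for (size_t i = 0; i < len; i++) {
        ctx->state ^= data[i];
        ctx->state *= 0x100000001b3ULL;  /* FNV-1a prime */
    }
    return 1;
}

static int md_final(md_ctx *ctx, uint8_t *out)
{
    if (!ctx->initialized)
        return 0;
    memcpy(out, &ctx->state, DIGEST_LEN);
    ctx->initialized = 0;
    return 1;
}

/* CWE-252 pattern: return values ignored. On backend failure 'key' is never
   written, so whatever the buffer held (uninitialized memory in a real
   program) is returned as derived key material, and the caller is told
   everything succeeded. */
static int kdf_unchecked(const uint8_t *secret, size_t slen, uint8_t *key)
{
    md_ctx ctx;
    memset(&ctx, 0, sizeof ctx);
    md_init(&ctx);
    md_update(&ctx, secret, slen);
    md_final(&ctx, key);
    return 1;
}

/* Hardened form: every call is checked; on failure the output is wiped and
   an error is returned so the caller can abort the key exchange. */
static int kdf_checked(const uint8_t *secret, size_t slen, uint8_t *key)
{
    md_ctx ctx;
    int ok = 0;
    memset(&ctx, 0, sizeof ctx);
    if (!md_init(&ctx)) goto out;
    if (!md_update(&ctx, secret, slen)) goto out;
    if (!md_final(&ctx, key)) goto out;
    ok = 1;
out:
    if (!ok)
        memset(key, 0, DIGEST_LEN);
    return ok;
}

static const uint8_t SECRET[] = "constructed shared secret";  /* constructed input */

/* 1 if the unchecked KDF claims success yet leaves stale bytes in the key. */
static int demo_unchecked_accepts_garbage(void)
{
    uint8_t key[DIGEST_LEN], stale[DIGEST_LEN];
    memset(key, 0xAA, DIGEST_LEN);    /* stand-in for stale stack contents */
    memset(stale, 0xAA, DIGEST_LEN);
    g_backend_fail = 1;
    int rc = kdf_unchecked(SECRET, sizeof SECRET - 1, key);
    g_backend_fail = 0;
    return rc == 1 && memcmp(key, stale, DIGEST_LEN) == 0;
}

/* 1 if the checked KDF reports failure and zeroes the key buffer. */
static int demo_checked_rejects_failure(void)
{
    uint8_t key[DIGEST_LEN], zero[DIGEST_LEN] = {0};
    memset(key, 0xAA, DIGEST_LEN);
    g_backend_fail = 1;
    int rc = kdf_checked(SECRET, sizeof SECRET - 1, key);
    g_backend_fail = 0;
    return rc == 0 && memcmp(key, zero, DIGEST_LEN) == 0;
}

/* 1 if, with a working backend, both KDFs agree on a non-zero key. */
static int demo_success_paths_agree(void)
{
    uint8_t a[DIGEST_LEN], b[DIGEST_LEN], zero[DIGEST_LEN] = {0};
    int ra = kdf_unchecked(SECRET, sizeof SECRET - 1, a);
    int rb = kdf_checked(SECRET, sizeof SECRET - 1, b);
    return ra == 1 && rb == 1 && memcmp(a, b, DIGEST_LEN) == 0 &&
           memcmp(a, zero, DIGEST_LEN) != 0;
}

int main(void)
{
    printf("unchecked KDF returns stale key bytes on backend failure: %s\n",
           demo_unchecked_accepts_garbage() ? "yes" : "no");
    printf("checked KDF aborts and wipes the key: %s\n",
           demo_checked_rejects_failure() ? "yes" : "no");
    printf("success paths agree: %s\n", demo_success_paths_agree() ? "yes" : "no");
    return 0;
}
```

The hardened variant costs nothing on the success path; the difference only shows when the backend fails, which is exactly the case a fuzzer or a memory-limited container will not exercise unless failure injection (here, g_backend_fail) is part of the test harness.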
EPSS (Exploit Prediction Scoring System)
Predicts the probability of exploitation based on threat intelligence and the characteristics of the vulnerability.
EPSS Score: 0.0036
Percentile: 0.6th
EPSS Score Trend (Last 90 Days): chart not reproduced
CWE-252: Unchecked Return Value
Common Consequences
Security Scopes Affected:
Availability
Integrity
Potential Impacts:
Unexpected State
DoS: Crash, Exit, or Restart
Applicable Platforms
All platforms may be affected
Application
Libssh by Libssh
Version Range Affected
From
0.9.0
(inclusive)
To
0.9.8
(exclusive)
CPE Identifier
cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Enterprise Linux by Redhat
CPE Identifier
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Operating System
Fedora by Fedoraproject
CPE Identifier
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
Application
Libssh by Libssh
Version Range Affected
From
0.10.0
(inclusive)
To
0.10.6
(exclusive)
CPE Identifier
cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*
Operating System
Fedora by Fedoraproject
CPE Identifier
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
Operating System
Enterprise Linux by Redhat
CPE Identifier
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2024:2504
https://access.redhat.com/errata/RHSA-2024:3233
https://access.redhat.com/security/cve/CVE-2023-6918
https://bugzilla.redhat.com/show_bug.cgi?id=2254997
https://lists.fedoraproject.org/archives/list/[email protected]…
https://lists.fedoraproject.org/archives/list/[email protected]…
https://security.netapp.com/advisory/ntap-20250214-0009/
https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-relea…
https://www.libssh.org/security/advisories/CVE-2023-6918.txt