CVE-2023-48795
Summary
| CVE | CVE-2023-48795 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-12-18 16:15:10 UTC |
| Updated | 2026-05-12 11:16:15 UTC |
| Description | The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust. |
Risk And Classification
Primary CVSS: v3.1 5.9 MEDIUM from [email protected]
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Problem Types: CWE-354 | n/a | CWE-354 Improper Validation of Integrity Check Value
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Primary | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
| 3.1 | ADP | DECLARED | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
| 3.1 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
CVSS v3.1 Breakdown
| Metric | Value |
|---|---|
| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity | High |
| Availability | None |

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Apple | Macos | - | All | All | All |
| Application | Filezilla-project | Filezilla Client | All | All | All | All |
| Application | Openbsd | Openssh | All | All | All | All |
| Application | Panic | Transmit 5 | All | All | All | All |
| Application | Putty | Putty | All | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Na | N/a | affected n/a | Not specified |
| ADP | Siemens | RUGGEDCOM APE1808 | affected * custom | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP | affected V3.1.5 * custom | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP | affected V3.1.5 * custom | Not specified |
| ADP | Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP | affected V3.1.5 * custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Advisory | af854a3a-2127-422b-91ae-364da2661108 | psirt.global.sonicwall.com | Third Party Advisory |
| lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/mess... | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| github.com/mwiede/jsch/pull/461 | af854a3a-2127-422b-91ae-364da2661108 | github.com | Release Notes |
| bugs.gentoo.org/920280 | af854a3a-2127-422b-91ae-364da2661108 | bugs.gentoo.org | Issue Tracking |
| cert-portal.siemens.com/productcert/html/ssa-364175.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | |
| github.com/advisories/GHSA-45x7-px36-x8w8 | af854a3a-2127-422b-91ae-364da2661108 | github.com | Third Party Advisory |
| seclists.org/fulldisclosure/2024/Mar/21 | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Mailing List, Third Party Advisory |
| jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-disc... | af854a3a-2127-422b-91ae-364da2661108 | jadaptive.com | Press/Media Coverage |
| www.openwall.com/lists/oss-security/2023/12/20/3 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List, Mitigation |
| lists.debian.org/debian-lts-announce/2024/04/msg00016.html | af854a3a-2127-422b-91ae-364da2661108 | lists.debian.org | Mailing List, Third Party Advisory |
| Debian -- Security Information -- DSA-5586-1 openssh | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | Issue Tracking |
| github.com/hierynomus/sshj/issues/916 | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking |
| nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUS... | af854a3a-2127-422b-91ae-364da2661108 | nest.pijul.com | Patch |
| gitlab.com/libssh/libssh-mirror/-/tags | af854a3a-2127-422b-91ae-364da2661108 | gitlab.com | Release Notes |
| forum.netgate.com/topic/184941/terrapin-ssh-attack | af854a3a-2127-422b-91ae-364da2661108 | forum.netgate.com | Issue Tracking |
| www.theregister.com/2023/12/20/terrapin_attack_ssh | af854a3a-2127-422b-91ae-364da2661108 | www.theregister.com | Press/Media Coverage |
| cert-portal.siemens.com/productcert/html/ssa-082556.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | |
| www.bitvise.com/ssh-server-version-history | af854a3a-2127-422b-91ae-364da2661108 | www.bitvise.com | Release Notes |
| nova.app/releases | af854a3a-2127-422b-91ae-364da2661108 | nova.app | Release Notes |
| github.com/TeraTermProject/teraterm/releases/tag/v5.1 | af854a3a-2127-422b-91ae-364da2661108 | github.com | Release Notes |
| www.chiark.greenend.org.uk/~sgtatham/putty/changes.html | af854a3a-2127-422b-91ae-364da2661108 | www.chiark.greenend.org.uk | Release Notes |
| github.com/connectbot/sshlib/compare/2.2.21...2.2.22 | af854a3a-2127-422b-91ae-364da2661108 | github.com | Third Party Advisory |
| github.com/rapier1/hpn-ssh/releases | af854a3a-2127-422b-91ae-364da2661108 | github.com | Release Notes |
| oryx-embedded.com/download | af854a3a-2127-422b-91ae-364da2661108 | oryx-embedded.com | Release Notes |
| lists.debian.org/debian-lts-announce/2024/11/msg00032.html | af854a3a-2127-422b-91ae-364da2661108 | lists.debian.org | |
| github.com/mwiede/jsch/issues/457 | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking |
| github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1... | af854a3a-2127-422b-91ae-364da2661108 | github.com | Release Notes |
| lists.fedoraproject.org/archives/list/[email protected]/messag... | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | |
| lists.fedoraproject.org/archives/list/[email protected]/messag... | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | |
| lists.fedoraproject.org/archives/list/[email protected]/messag... | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | |
| news.ycombinator.com/item | af854a3a-2127-422b-91ae-364da2661108 | news.ycombinator.com | Issue Tracking |
| lists.fedoraproject.org/archives/list/[email protected]/messag... | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | |
| github.com/drakkan/sftpgo/releases/tag/v2.5.6 | af854a3a-2127-422b-91ae-364da2661108 | github.com | Release Notes |
| lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/mess... | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| www.openwall.com/lists/oss-security/2023/12/18/2 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| crates.io/crates/thrussh/versions | af854a3a-2127-422b-91ae-364da2661108 | crates.io | Release Notes |
| security-tracker.debian.org/tracker/source-package/trilead-ssh2 | af854a3a-2127-422b-91ae-364da2661108 | security-tracker.debian.org | Issue Tracking |
| lists.fedoraproject.org/archives/list/[email protected]/messag... | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | |
| [SECURITY] [DLA 3718-1] php-phpseclib security update | af854a3a-2127-422b-91ae-364da2661108 | lists.debian.org | Mailing List, Third Party Advisory |
| www.openwall.com/lists/oss-security/2023/12/19/5 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| [SECURITY] [DLA 3694-1] openssh security update | af854a3a-2127-422b-91ae-364da2661108 | lists.debian.org | Mailing List |
| [SECURITY] Fedora 39 Update: podman-4.8.3-1.fc39 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| github.com/NixOS/nixpkgs/pull/275249 | af854a3a-2127-422b-91ae-364da2661108 | github.com | Release Notes |
| github.com/ssh-mitm/ssh-mitm/issues/165 | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking |
| winscp.net/eng/docs/history | af854a3a-2127-422b-91ae-364da2661108 | winscp.net | Release Notes |
| github.com/ronf/asyncssh/blob/develop/docs/changes.rst | af854a3a-2127-422b-91ae-364da2661108 | github.com | Release Notes |
| [SECURITY] Fedora 39 Update: prometheus-podman-exporter-1.7.0-1.fc39 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| groups.google.com/g/golang-announce/c/qA3XtxvMUyg | af854a3a-2127-422b-91ae-364da2661108 | groups.google.com | Mailing List |
| [SECURITY] Fedora 39 Update: putty-0.80-1.fc39 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| www.vandyke.com/products/securecrt/history.txt | af854a3a-2127-422b-91ae-364da2661108 | www.vandyke.com | Release Notes |
| github.com/erlang/otp/releases/tag/OTP-26.2.1 | af854a3a-2127-422b-91ae-364da2661108 | github.com | Release Notes |
| [SECURITY] Fedora 38 Update: putty-0.80-1.fc38 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| cert-portal.siemens.com/productcert/html/ssa-769027.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | |
| github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c1... | af854a3a-2127-422b-91ae-364da2661108 | github.com | Patch |
| [SECURITY] Fedora 38 Update: libssh-0.10.6-2.fc38 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/mess... | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| Debian -- Security Information -- DSA-5588-1 putty | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | Issue Tracking |
| [SECURITY] Fedora 38 Update: prometheus-podman-exporter-1.7.0-1.fc38 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-usin... | af854a3a-2127-422b-91ae-364da2661108 | arstechnica.com | Press/Media Coverage |
| lists.fedoraproject.org/archives/list/[email protected]/messag... | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | |
| matt.ucc.asn.au/dropbear/CHANGES | af854a3a-2127-422b-91ae-364da2661108 | matt.ucc.asn.au | Release Notes |
| github.com/janmojzis/tinyssh/issues/81 | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking |
| github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2... | af854a3a-2127-422b-91ae-364da2661108 | github.com | Patch |
| github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15 | af854a3a-2127-422b-91ae-364da2661108 | github.com | Product |
| www.openssh.com/openbsd.html | af854a3a-2127-422b-91ae-364da2661108 | www.openssh.com | Release Notes |
| security.gentoo.org/glsa/202312-16 | af854a3a-2127-422b-91ae-364da2661108 | security.gentoo.org | Third Party Advisory |
| cert-portal.siemens.com/productcert/html/ssa-915275.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | |
| help.panic.com/releasenotes/transmit5 | af854a3a-2127-422b-91ae-364da2661108 | help.panic.com | Release Notes |
| github.com/proftpd/proftpd/issues/456 | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking |
| www.crushftp.com/crush10wiki/Wiki.jsp | af854a3a-2127-422b-91ae-364da2661108 | www.crushftp.com | Release Notes |
| lists.fedoraproject.org/archives/list/[email protected]/messag... | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | |
| security-tracker.debian.org/tracker/CVE-2023-48795 | af854a3a-2127-422b-91ae-364da2661108 | security-tracker.debian.org | Vendor Advisory |
| www.bitvise.com/ssh-client-version-history | af854a3a-2127-422b-91ae-364da2661108 | www.bitvise.com | Release Notes |
| lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/mess... | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| security.gentoo.org/glsa/202312-17 | af854a3a-2127-422b-91ae-364da2661108 | security.gentoo.org | Third Party Advisory |
| [SECURITY] Fedora 38 Update: golang-x-crypto-0.18.0-1.fc38 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| github.com/apache/mina-sshd/issues/445 | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking |
| packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html | af854a3a-2127-422b-91ae-364da2661108 | packetstormsecurity.com | Third Party Advisory, VDB Entry |
| bugzilla.redhat.com/show_bug.cgi | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.redhat.com | Issue Tracking |
| www.netsarang.com/en/xshell-update-history | af854a3a-2127-422b-91ae-364da2661108 | www.netsarang.com | Release Notes |
| access.redhat.com/security/cve/cve-2023-48795 | af854a3a-2127-422b-91ae-364da2661108 | access.redhat.com | Third Party Advisory |
| lists.fedoraproject.org/archives/list/[email protected]/messag... | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | |
| github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CH... | af854a3a-2127-422b-91ae-364da2661108 | github.com | Patch |
| www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.vicarius.io | Exploit, Third Party Advisory |
| github.com/warp-tech/russh/releases/tag/v0.40.2 | af854a3a-2127-422b-91ae-364da2661108 | github.com | Release Notes |
| lists.debian.org/debian-lts-announce/2025/04/msg00028.html | af854a3a-2127-422b-91ae-364da2661108 | lists.debian.org | |
| www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise | af854a3a-2127-422b-91ae-364da2661108 | www.lancom-systems.de | Vendor Advisory |
| www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-... | af854a3a-2127-422b-91ae-364da2661108 | www.suse.com | Press/Media Coverage |
| github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3 | af854a3a-2127-422b-91ae-364da2661108 | github.com | Patch |
| bugzilla.suse.com/show_bug.cgi | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.suse.com | Issue Tracking |
| ubuntu.com/security/CVE-2023-48795 | af854a3a-2127-422b-91ae-364da2661108 | ubuntu.com | Vendor Advisory |
| github.com/libssh2/libssh2/pull/1291 | af854a3a-2127-422b-91ae-364da2661108 | github.com | Mitigation |
| github.com/proftpd/proftpd/blob/master/RELEASE_NOTES | af854a3a-2127-422b-91ae-364da2661108 | github.com | Release Notes |
| github.com/paramiko/paramiko/issues/2337 | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking |
| cert-portal.siemens.com/productcert/html/ssa-794697.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | |
| git.libssh.org/projects/libssh.git/commit | af854a3a-2127-422b-91ae-364da2661108 | git.libssh.org | Patch |
| thorntech.com/cve-2023-48795-and-sftp-gateway | af854a3a-2127-422b-91ae-364da2661108 | thorntech.com | Third Party Advisory |
| [SECURITY] Fedora 38 Update: golang-x-mod-0.14.0-1.fc38 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| github.com/cyd01/KiTTY/issues/520 | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking |
| lists.debian.org/debian-lts-announce/2024/09/msg00042.html | af854a3a-2127-422b-91ae-364da2661108 | lists.debian.org | |
| github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/... | af854a3a-2127-422b-91ae-364da2661108 | github.com | Patch |
| github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta | af854a3a-2127-422b-91ae-364da2661108 | github.com | Release Notes |
| security-tracker.debian.org/tracker/source-package/libssh2 | af854a3a-2127-422b-91ae-364da2661108 | security-tracker.debian.org | Vendor Advisory |
| www.openwall.com/lists/oss-security/2024/03/06/3 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| www.openwall.com/lists/oss-security/2024/04/17/8 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| www.paramiko.org/changelog.html | af854a3a-2127-422b-91ae-364da2661108 | www.paramiko.org | Release Notes |
| [SECURITY] [DLA 3719-1] phpseclib security update | af854a3a-2127-422b-91ae-364da2661108 | lists.debian.org | Mailing List, Third Party Advisory |
| www.openwall.com/lists/oss-security/2023/12/18/3 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| [SECURITY] Fedora 39 Update: golang-x-mod-0.14.0-1.fc39 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| github.com/ronf/asyncssh/tags | af854a3a-2127-422b-91ae-364da2661108 | github.com | Release Notes |
| twitter.com/TrueSkrillor/status/1736774389725565005 | af854a3a-2127-422b-91ae-364da2661108 | twitter.com | Press/Media Coverage |
| www.terrapin-attack.com | af854a3a-2127-422b-91ae-364da2661108 | www.terrapin-attack.com | Exploit |
| lists.fedoraproject.org/archives/list/[email protected]/messag... | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | |
| filezilla-project.org/versions.php | af854a3a-2127-422b-91ae-364da2661108 | filezilla-project.org | Release Notes |
| www.openssh.com/txt/release-9.6 | af854a3a-2127-422b-91ae-364da2661108 | www.openssh.com | Release Notes |
| lists.fedoraproject.org/archives/list/[email protected]/messag... | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | |
| security.netapp.com/advisory/ntap-20240105-0004 | af854a3a-2127-422b-91ae-364da2661108 | security.netapp.com | Third Party Advisory |
| [SECURITY] Fedora 39 Update: golang-x-crypto-0.18.0-1.fc39 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_stil... | af854a3a-2127-422b-91ae-364da2661108 | www.reddit.com | Issue Tracking |
| github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5 | af854a3a-2127-422b-91ae-364da2661108 | github.com | Patch |
| roumenpetrov.info/secsh | af854a3a-2127-422b-91ae-364da2661108 | roumenpetrov.info | Release Notes |
| github.com/openssh/openssh-portable/commits/master | af854a3a-2127-422b-91ae-364da2661108 | github.com | Patch |
| github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d | af854a3a-2127-422b-91ae-364da2661108 | github.com | Patch |
| lists.fedoraproject.org/archives/list/[email protected]/messag... | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | |
| github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8... | af854a3a-2127-422b-91ae-364da2661108 | github.com | Patch |
| groups.google.com/g/golang-announce/c/-n5WqVC18LQ | af854a3a-2127-422b-91ae-364da2661108 | groups.google.com | Mailing List |
| github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99... | af854a3a-2127-422b-91ae-364da2661108 | github.com | Release Notes |
| [SECURITY] Fedora 38 Update: python-paramiko-3.4.0-1.fc38 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/mess... | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Vendor Advisory |
| [SECURITY] Fedora 38 Update: podman-4.8.3-1.fc38 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit | af854a3a-2127-422b-91ae-364da2661108 | www.vicarius.io | Exploit, Third Party Advisory |
| github.com/PowerShell/Win32-OpenSSH/issues/2189 | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking |
| lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/mess... | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| support.apple.com/kb/HT214084 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | Third Party Advisory |
| security-tracker.debian.org/tracker/source-package/proftpd-dfsg | af854a3a-2127-422b-91ae-364da2661108 | security-tracker.debian.org | Vendor Advisory |
| www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc | af854a3a-2127-422b-91ae-364da2661108 | www.freebsd.org | Release Notes |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 161329 Oracle Enterprise Linux Security Update for libssh (ELSA-2024-0628)
- 161330 Oracle Enterprise Linux Security Update for openssh (ELSA-2024-0606)
- 161350 Oracle Enterprise Linux Security Update for openssh (ELSA-2024-12158)
- 161351 Oracle Enterprise Linux Security Update for openssh (ELSA-2024-12157)
- 161357 Oracle Enterprise Linux Security Update for openssh (ELSA-2024-12164)
- 161396 Oracle Enterprise Linux Security Update for openssh (ELSA-2024-1130)
- 161405 Oracle Enterprise Linux Security Update for buildah (ELSA-2024-1150)
- 161419 Oracle Enterprise Linux Security Update for openssh (ELSA-2024-12233)
- 161420 Oracle Enterprise Linux Security Update for openssh (ELSA-2024-12232)
- 200017 Ubuntu Security Notification for libssh Vulnerability (USN-6561-1)
- 200018 Ubuntu Security Notification for OpenSSH Vulnerabilities (USN-6560-1)
- 200041 Ubuntu Security Notification for OpenSSH Vulnerabilities (USN-6560-2)
- 200046 Ubuntu Security Notification for libssh2 Vulnerability (USN-6585-1)
- 200057 Ubuntu Security Notification for FileZilla Vulnerability (USN-6589-1)
- 200069 Ubuntu Security Notification for Paramiko Vulnerability (USN-6598-1)
- 242764 Red Hat Update for libssh (RHSA-2024:0499)
- 242766 Red Hat Update for libssh (RHSA-2024:0538)
- 242805 Red Hat Update for openssh (RHSA-2024:0606)
- 242811 Red Hat Update for libssh (RHSA-2024:0625)
- 242814 Red Hat Update for libssh (RHSA-2024:0628)
- 242828 Red Hat Update for openssh (RHSA-2024:0594)
- 242841 Red Hat Update for openssh (RHSA-2024:0455)
- 242848 Red Hat Update for openssh (RHSA-2024:0429)
- 242989 Red Hat OpenShift Container Platform 4.15 Security Update (RHSA-2023:7201)
- 243017 Red Hat Update for openssh (RHSA-2024:1130)
- 243033 Red Hat Update for buildah (RHSA-2024:1150)
- 243042 Red Hat Update for JBoss Enterprise Application Platform 8.0.1 (RHSA-2024:1193)
- 243043 Red Hat Update for JBoss Enterprise Application Platform 7.4 (RHSA-2024:1196)
- 243044 Red Hat Update for JBoss Enterprise Application Platform 8.0.1 (RHSA-2024:1192)
- 243173 Red Hat Update for JBoss Enterprise Application Platform 7.4.1 (RHSA-2024:1676)
- 243174 Red Hat Update for JBoss Enterprise Application Platform 7.4.1 (RHSA-2024:1675)
- 243175 Red Hat Update for JBoss Enterprise Application Platform 7.4.1 (RHSA-2024:1674)
- 284839 Fedora Security Update for podman (FEDORA-2023-cb8c606fbb)
- 284840 Fedora Security Update for proftpd (FEDORA-2023-b87ec6cf47)
- 284849 Fedora Security Update for putty (FEDORA-2024-71c2c6526c)
- 284850 Fedora Security Update for python (FEDORA-2024-39a8c72ea9)
- 284862 Fedora Security Update for golang (FEDORA-2024-ae653fb07b)
- 284864 Fedora Security Update for golang (FEDORA-2024-2705241461)
- 284870 Fedora Security Update for podman (FEDORA-2024-06ebb70bdd)
- 284889 Fedora Security Update for prometheus (FEDORA-2024-3fd1bc9276)
- 285023 Fedora Security Update for prometheus (FEDORA-2024-a53b24023d)
- 285053 Fedora Security Update for golang (FEDORA-2024-fb32950d11)
- 285055 Fedora Security Update for golang (FEDORA-2024-7b08207cdb)
- 285066 Fedora Security Update for podman (FEDORA-2024-3bb23c77f3)
- 285068 Fedora Security Update for putty (FEDORA-2024-d946b9ad25)
- 285075 Fedora Security Update for python (FEDORA-2023-e77300e4b5)
- 285076 Fedora Security Update for proftpd (FEDORA-2023-153404713b)
- 285080 Fedora Security Update for podman (FEDORA-2023-20feb865d8)
- 285088 Fedora Security Update for libssh (FEDORA-2023-0733306be9)
- 296108 Oracle Solaris 11.4 Support Repository Update (SRU) 66.164.1 Missing (CPUJAN2024)
- 330166 IBM Advanced Interactive eXecutive (AIX) Multiple Vulnerabilities (openssh_advisory16)
- 356793 Amazon Linux Security Advisory for openssh : ALAS2-2023-2376
- 356794 Amazon Linux Security Advisory for openssh : ALAS2023-2023-462
- 356795 Amazon Linux Security Advisory for openssh : ALAS-2023-1898
- 356999 Amazon Linux Security Advisory for openssh : AL2012-2023-483
- 379295 Putty Terrapin Attack SSH Connection Weakening Vulnerability
- 379302 Windows Secure Copy (WinSCP) Security Update
- 379344 Alibaba Cloud Linux Security Update for libssh (ALINUX3-SA-2024:0014)
- 379366 Fortinet FortiAnalyzer and FortiManager - Improper Access Control Vulnerability (FG-IR-23-490)
- 379473 Jenkins Plugins Multiple Security Vulnerabilities (Jenkins Security Advisory 2024-03-06)
- 379478 Apple macOS Sonoma 14.4 Not Installed (HT214084)
- 38913 SSH Prefix Truncation Vulnerability (Terrapin)
- 44169 Juniper Network Operating System (Junos OS) Terrapin Attack SSH Connection Weakening Vulnerability (JSA76462)
- 503807 Alpine Linux Security Update for dropbear
- 503809 Alpine Linux Security Update for libssh2
- 503855 Alpine Linux Security Update for proftpd
- 503904 Alpine Linux Security Update for dropbear
- 504326 Alpine Linux Security Update for putty
- 505868 Alpine Linux Security Update for dropbear
- 505888 Alpine Linux Security Update for libssh2
- 505902 Alpine Linux Security Update for openssh
- 505986 Alpine Linux Security Update for buildah
- 506001 Alpine Linux Security Update for doctl
- 506043 Alpine Linux Security Update for erlang
- 506053 Alpine Linux Security Update for filezilla
- 506076 Alpine Linux Security Update for gitea
- 506112 Alpine Linux Security Update for libssh
- 506157 Alpine Linux Security Update for pijul
- 506158 Alpine Linux Security Update for podman-tui
- 506161 Alpine Linux Security Update for podman
- 506169 Alpine Linux Security Update for py3-asyncssh
- 506178 Alpine Linux Security Update for py3-paramiko
- 506261 Alpine Linux Security Update for tinyssh
- 510674 Alpine Linux Security Update for nebula
- 510681 Alpine Linux Security Update for openssh
- 510754 Alpine Linux Security Update for openssh
- 510755 Alpine Linux Security Update for putty
- 6000398 Debian Security Update for openssh (DSA 5586-1)
- 6000402 Debian Security Update for putty (DSA 5588-1)
- 6000403 Debian Security Update for openssh (DLA 3694-1)
- 6000408 Debian Security Update for libssh (DSA 5591-1)
- 6000430 Debian Security Update for php-phpseclib3 (DSA 5601-1)
- 6000431 Debian Security Update for phpseclib (DSA 5599-1)
- 6000432 Debian Security Update for php-phpseclib (DSA 5600-1)
- 6000445 Debian Security Update for php-phpseclib (DLA 3718-1)
- 6000446 Debian Security Update for phpseclib (DLA 3719-1)
- 6000460 Debian Security Update for python-asyncssh (DLA 3730-1)
- 673335 EulerOS Security Update for libssh (EulerOS-SA-2024-1316)
- 673339 EulerOS Security Update for libssh2 (EulerOS-SA-2024-1217)
- 673381 EulerOS Security Update for libssh (EulerOS-SA-2024-1338)
- 673413 EulerOS Security Update for openssh (EulerOS-SA-2024-1183)
- 673430 EulerOS Security Update for proftpd (EulerOS-SA-2024-1323)
- 673454 EulerOS Security Update for libssh2 (EulerOS-SA-2024-1239)
- 673471 EulerOS Security Update for libssh2 (EulerOS-SA-2024-1339)
- 673472 EulerOS Security Update for libssh (EulerOS-SA-2024-1197)
- 673543 EulerOS Security Update for proftpd (EulerOS-SA-2024-1222)
- 673551 EulerOS Security Update for libssh2 (EulerOS-SA-2024-1317)
- 673621 EulerOS Security Update for proftpd (EulerOS-SA-2024-1244)
- 673655 EulerOS Security Update for openssh (EulerOS-SA-2024-1203)
- 673667 EulerOS Security Update for python-paramiko (EulerOS-SA-2024-1224)
- 673686 EulerOS Security Update for proftpd (EulerOS-SA-2024-1345)
- 673750 EulerOS Security Update for libssh (EulerOS-SA-2024-1216)
- 673780 EulerOS Security Update for libssh2 (EulerOS-SA-2024-1178)
- 673785 EulerOS Security Update for libssh (EulerOS-SA-2024-1177)
- 673788 EulerOS Security Update for openssh (EulerOS-SA-2024-1321)
- 673811 EulerOS Security Update for openssh (EulerOS-SA-2024-1286)
- 673872 EulerOS Security Update for openssh (EulerOS-SA-2024-1343)
- 673894 EulerOS Security Update for openssh (EulerOS-SA-2024-1241)
- 673897 EulerOS Security Update for libssh2 (EulerOS-SA-2024-1198)
- 673937 EulerOS Security Update for openssh (EulerOS-SA-2024-1219)
- 673955 EulerOS Security Update for python-paramiko (EulerOS-SA-2024-1246)
- 674082 EulerOS Security Update for libssh (EulerOS-SA-2024-1238)
- 691379 Free Berkeley Software Distribution (FreeBSD) Security Update for putty (91955195-9ebb-11ee-bc14-a703705db3a6)
- 691381 Free Berkeley Software Distribution (FreeBSD) Security Update for nebula (0f7598cc-9fe2-11ee-b47f-901b0e9408dc)
- 691386 Free Berkeley Software Distribution (FreeBSD) Security Update for Free Berkeley Software Distribution (FreeBSD) (13d83980-9f18-11ee-8e38-002590c1f29c)
- 691404 Free Berkeley Software Distribution (FreeBSD) Security Update for rclone (b5e22ec5-bc4b-11ee-b0b5-b42e991fc52e)
- 710817 Gentoo Linux libssh Multiple Vulnerabilities (GLSA 202312-16)
- 710818 Gentoo Linux OpenSSH Multiple Vulnerabilities (GLSA 202312-17)
- 731307 Palo Alto Networks (PAN-OS) Impact of Terrapin SSH Attack Vulnerability (PAN-241547, CGSDW-19542)
- 755496 SUSE Enterprise Linux Security Update for openssh (SUSE-SU-2023:4905-1)
- 755497 SUSE Enterprise Linux Security Update for openssh (SUSE-SU-2023:4904-1)
- 755498 SUSE Enterprise Linux Security Update for openssh (SUSE-SU-2023:4903-1)
- 755499 SUSE Enterprise Linux Security Update for openssh (SUSE-SU-2023:4902-1)
- 755517 SUSE Enterprise Linux Security Update for libssh2_org (SUSE-SU-2023:4946-1)
- 755553 SUSE Enterprise Linux Security Update for libssh2_org (SUSE-SU-2024:0006-1)
- 755579 SUSE Enterprise Linux Security Update for python-paramiko (SUSE-SU-2024:0035-1)
- 755645 SUSE Enterprise Linux Security Update for erlang (SUSE-SU-2024:0210-1)
- 755655 SUSE Enterprise Linux Security Update for apache-parent, apache-sshd (SUSE-SU-2024:0224-1)
- 755708 SUSE Enterprise Linux Security Update for bouncycastle, jsch (SUSE-SU-2024:0327-1)
- 755732 SUSE Enterprise Linux Security Update for cosign (SUSE-SU-2024:0430-1)
- 755745 SUSE Enterprise Linux Security Update for rekor (SUSE-SU-2024:0460-1)
- 755791 SUSE Enterprise Linux Security Update for libssh2_org (SUSE-SU-2024:0543-1)
- 755792 SUSE Enterprise Linux Security Update for libssh2_org (SUSE-SU-2024:0558-1)
- 755806 SUSE Enterprise Linux Security Update for libssh (SUSE-SU-2024:0539-1)
- 755989 SUSE Enterprise Linux Security Update for jsch-agent-proxy (SUSE-SU-2024:0974-1)
- 755991 SUSE Enterprise Linux Security Update for jbcrypt, trilead-ssh2 (SUSE-SU-2024:0972-1)
- 770234 Red Hat OpenShift Container Platform 4.15 Security Update (RHSA-2023:7201)
- 907717 Common Base Linux Mariner (CBL-Mariner) Security Update for libssh (32200-1)
- 907796 Common Base Linux Mariner (CBL-Mariner) Security Update for jsch (32259-2)
- 907806 Common Base Linux Mariner (CBL-Mariner) Security Update for openssh (32204-1)
- 907822 Common Base Linux Mariner (CBL-Mariner) Security Update for moby-engine (32280-2)
- 907868 Common Base Linux Mariner (CBL-Mariner) Security Update for moby-cli (32223-1)
- 907970 Common Base Linux Mariner (CBL-Mariner) Security Update for erlang (32196-1)
- 907979 Common Base Linux Mariner (CBL-Mariner) Security Update for libssh2 (32201-1)
- 907980 Common Base Linux Mariner (CBL-Mariner) Security Update for cert-manager (32195-1)
- 907991 Common Base Linux Mariner (CBL-Mariner) Security Update for nmap (32202-1)
- 941560 AlmaLinux Security Update for openssh (ALSA-2024:0606)
- 941563 AlmaLinux Security Update for libssh (ALSA-2024:0628)
- 941611 AlmaLinux Security Update for buildah (ALSA-2024:1150)
- 941612 AlmaLinux Security Update for openssh (ALSA-2024:1130)
- 961110 Rocky Linux Security Update for openssh (RLSA-2024:0606)
- 961112 Rocky Linux Security Update for libssh (RLSA-2024:0628)
- 996349 GO (Go) Security Update for golang.org/x/crypto (GHSA-45x7-px36-x8w8)
- 996375 Rust (Rust) Security Update for golang.org/x/crypto (GHSA-45x7-px36-x8w8)
- 996391 Python (Pip) Security Update for golang.org/x/crypto (GHSA-45x7-px36-x8w8)