Description

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.

INFO

Published Date: Dec. 18, 2023, 4:15 p.m.
Last Modified: May 1, 2024, 6:15 p.m.
Remotely Exploitable: Yes
Impact Score: 3.6
Exploitability Score: 2.2

Public PoC/Exploit Available at GitHub

CVE-2023-48795 has 20 public PoCs/exploits available on GitHub.

Affected Products

The following products are affected by the CVE-2023-48795 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product
1 Redhat enterprise_linux
2 Redhat openshift_container_platform
3 Redhat ceph_storage
4 Redhat keycloak
5 Redhat jboss_enterprise_application_platform
6 Redhat single_sign-on
7 Redhat openstack_platform
8 Redhat openshift_serverless
9 Redhat storage
10 Redhat openshift_virtualization
11 Redhat openshift_data_foundation
12 Redhat advanced_cluster_security
13 Redhat openshift_gitops
14 Redhat openshift_pipelines
15 Redhat openshift_developer_tools_and_services
16 Redhat openshift_api_for_data_protection
17 Redhat discovery
18 Redhat openshift_dev_spaces
19 Redhat cert-manager_operator_for_red_hat_openshift
1 Lancom-systems lcos
2 Lancom-systems lcos_fx
3 Lancom-systems lcos_lx
4 Lancom-systems lcos_sx
5 Lancom-systems lanconfig
1 Apache sshd
2 Apache sshj
1 Netgate pfsense_plus
2 Netgate pfsense_ce
1 Panic transmit_5
2 Panic nova
1 Bitvise ssh_client
2 Bitvise ssh_server
1 Fedoraproject fedora
1 Debian debian_linux
1 Openbsd openssh
1 Apple macos
1 Filezilla-project filezilla_client
1 Freebsd freebsd
1 Dropbear_ssh_project dropbear_ssh
1 Libssh2 libssh2
1 Putty putty
1 Microsoft powershell
1 Paramiko paramiko
1 Proftpd proftpd
1 Crushftp crushftp
1 Libssh libssh
1 Golang crypto
1 Vandyke securecrt
1 Asyncssh_project asyncssh
1 Erlang erlang/otp
1 Ssh2_project ssh2
1 Winscp winscp
1 Ssh ssh
1 Russh_project russh
1 Tera_term_project tera_term
1 Sftpgo_project sftpgo
1 Roumenpetrov pkixssh
1 Net-ssh net-ssh
1 Crates thrussh
1 Oryx-embedded cyclone_ssh
1 Netsarang xshell_7
1 Matez jsch
1 Jadaptive maverick_synergy_java_ssh_api
1 Thorntech sftp_gateway_firmware
1 Connectbot sshlib
1 Tinyssh tinyssh
1 Trilead ssh2
1 Gentoo security
1 9bis kitty
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2023-48795.

URL Resource
http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2024/Mar/21 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/12/18/3 Mailing List
http://www.openwall.com/lists/oss-security/2023/12/19/5 Mailing List
http://www.openwall.com/lists/oss-security/2023/12/20/3 Mailing List Mitigation
http://www.openwall.com/lists/oss-security/2024/03/06/3
http://www.openwall.com/lists/oss-security/2024/04/17/8
https://access.redhat.com/security/cve/cve-2023-48795 Third Party Advisory
https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/ Press/Media Coverage
https://bugs.gentoo.org/920280 Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=2254210 Issue Tracking
https://bugzilla.suse.com/show_bug.cgi?id=1217950 Issue Tracking
https://crates.io/crates/thrussh/versions Release Notes
https://filezilla-project.org/versions.php Release Notes
https://forum.netgate.com/topic/184941/terrapin-ssh-attack Issue Tracking
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6 Patch
https://github.com/NixOS/nixpkgs/pull/275249 Release Notes
https://github.com/PowerShell/Win32-OpenSSH/issues/2189 Issue Tracking
https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta Release Notes
https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0 Patch
https://github.com/TeraTermProject/teraterm/releases/tag/v5.1 Release Notes
https://github.com/advisories/GHSA-45x7-px36-x8w8 Third Party Advisory
https://github.com/apache/mina-sshd/issues/445 Issue Tracking
https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab Patch
https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22 Third Party Advisory
https://github.com/cyd01/KiTTY/issues/520 Issue Tracking
https://github.com/drakkan/sftpgo/releases/tag/v2.5.6 Release Notes
https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42 Patch
https://github.com/erlang/otp/releases/tag/OTP-26.2.1 Release Notes
https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d Patch
https://github.com/hierynomus/sshj/issues/916 Issue Tracking
https://github.com/janmojzis/tinyssh/issues/81 Issue Tracking
https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5 Patch
https://github.com/libssh2/libssh2/pull/1291 Mitigation
https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25 Patch
https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3 Patch
https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15 Product
https://github.com/mwiede/jsch/issues/457 Issue Tracking
https://github.com/mwiede/jsch/pull/461 Release Notes
https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16 Patch
https://github.com/openssh/openssh-portable/commits/master Patch
https://github.com/paramiko/paramiko/issues/2337 Issue Tracking
https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES Release Notes
https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES Release Notes
https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES Release Notes
https://github.com/proftpd/proftpd/issues/456 Issue Tracking
https://github.com/rapier1/hpn-ssh/releases Release Notes
https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst Release Notes
https://github.com/ronf/asyncssh/tags Release Notes
https://github.com/ssh-mitm/ssh-mitm/issues/165 Issue Tracking
https://github.com/warp-tech/russh/releases/tag/v0.40.2 Release Notes
https://gitlab.com/libssh/libssh-mirror/-/tags Release Notes
https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ Mailing List
https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg Mailing List
https://help.panic.com/releasenotes/transmit5/ Release Notes
https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/ Press/Media Coverage
https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html Mailing List
https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/ Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/ Mailing List Third Party Advisory
https://matt.ucc.asn.au/dropbear/CHANGES Release Notes
https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC Patch
https://news.ycombinator.com/item?id=38684904 Issue Tracking
https://news.ycombinator.com/item?id=38685286 Issue Tracking
https://news.ycombinator.com/item?id=38732005 Issue Tracking
https://nova.app/releases/#v11.8 Release Notes
https://oryx-embedded.com/download/#changelog Release Notes
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002 Third Party Advisory
https://roumenpetrov.info/secsh/#news20231220 Release Notes
https://security-tracker.debian.org/tracker/CVE-2023-48795 Vendor Advisory
https://security-tracker.debian.org/tracker/source-package/libssh2 Vendor Advisory
https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg Vendor Advisory
https://security-tracker.debian.org/tracker/source-package/trilead-ssh2 Issue Tracking
https://security.gentoo.org/glsa/202312-16 Third Party Advisory
https://security.gentoo.org/glsa/202312-17 Third Party Advisory
https://security.netapp.com/advisory/ntap-20240105-0004/ Third Party Advisory
https://support.apple.com/kb/HT214084 Third Party Advisory
https://thorntech.com/cve-2023-48795-and-sftp-gateway/ Third Party Advisory
https://twitter.com/TrueSkrillor/status/1736774389725565005 Press/Media Coverage
https://ubuntu.com/security/CVE-2023-48795 Vendor Advisory
https://winscp.net/eng/docs/history#6.2.2 Release Notes
https://www.bitvise.com/ssh-client-version-history#933 Release Notes
https://www.bitvise.com/ssh-server-version-history Release Notes
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html Release Notes
https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update Release Notes
https://www.debian.org/security/2023/dsa-5586 Issue Tracking
https://www.debian.org/security/2023/dsa-5588 Issue Tracking
https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc Release Notes
https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508 Vendor Advisory
https://www.netsarang.com/en/xshell-update-history/ Release Notes
https://www.openssh.com/openbsd.html Release Notes
https://www.openssh.com/txt/release-9.6 Release Notes
https://www.openwall.com/lists/oss-security/2023/12/18/2 Mailing List
https://www.openwall.com/lists/oss-security/2023/12/20/3 Mailing List Mitigation
https://www.paramiko.org/changelog.html Release Notes
https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/ Issue Tracking
https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/ Press/Media Coverage
https://www.terrapin-attack.com Exploit
https://www.theregister.com/2023/12/20/terrapin_attack_ssh Press/Media Coverage
https://www.vandyke.com/products/securecrt/history.txt Release Notes

We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proofs of concept that have been published on GitHub (sorted by most recently updated).

None

Dockerfile Python Shell

Updated: 2 months ago
0 stars, 0 forks, 0 watchers
Created: Sept. 23, 2024, 11:54 p.m. This repo has also been linked to 3 different CVEs.

DockerLab - Machine

Updated: 2 months, 4 weeks ago
0 stars, 0 forks, 0 watchers
Created: Aug. 24, 2024, 5:09 p.m. This repo has also been linked to 6 different CVEs.

DockerLab - Machine

Updated: 3 months ago
0 stars, 0 forks, 0 watchers
Created: Aug. 19, 2024, 3:29 p.m. This repo has also been linked to 9 different CVEs.

DockerLab Machine

Updated: 3 months ago
0 stars, 0 forks, 0 watchers
Created: Aug. 18, 2024, 1:13 a.m. This repo has also been linked to 9 different CVEs.

A Penetration Testing Checklist for web ensures comprehensive security by systematically identifying and addressing potential vulnerabilities. It covers key areas like authentication, session management, input validation, access controls, and data encryption, enhancing overall web application security.

Updated: 4 months, 1 week ago
2 stars, 0 forks, 0 watchers
Created: July 8, 2024, 6:41 p.m. This repo has also been linked to 1 CVE.

None

Updated: 3 months ago
0 stars, 0 forks, 0 watchers
Created: July 5, 2024, 2:18 p.m. This repo has also been linked to 40 different CVEs.

None

Updated: 5 months ago
0 stars, 0 forks, 0 watchers
Created: June 8, 2024, 7:03 a.m. This repo has also been linked to 1 CVE.

None

HTML Python

Updated: 2 months, 3 weeks ago
6 stars, 0 forks, 0 watchers
Created: June 3, 2024, 7:15 a.m. This repo has also been linked to 1 CVE.

None

Dockerfile Go

Updated: 5 months, 3 weeks ago
0 stars, 0 forks, 0 watchers
Created: May 29, 2024, 6:54 p.m. This repo has also been linked to 78 different CVEs.

None

Python

Updated: 4 months, 3 weeks ago
1 star, 0 forks, 0 watchers
Created: April 4, 2024, 11:43 a.m. This repo has also been linked to 1 CVE.

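SBOM2VANS tool. This tool helps convert SBOM files to the VANS format: it calls the OSV API to query the database and check whether components have known security vulnerabilities, and uses the NVD API to look up the CPE format corresponding to known vulnerabilities. Components without a CVE or CPE format are stored in package-url format. Finally, the packages in the SBOM are converted to the VANS format fields for upload. This project is released as open source on GitHub. For any questions about digital resilience, please call the Architecture Design Group of the Foresight Center, National Institute of Cyber Security, at 02-6631-1881!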

digital-resilience resilience sbom vans

Go

Updated: 4 months, 1 week ago
1 star, 0 forks, 0 watchers
Created: March 26, 2024, 3:20 a.m. This repo has also been linked to 10 different CVEs.

Secure Fedora 38

Shell

Updated: 6 months, 3 weeks ago
0 stars, 0 forks, 0 watchers
Created: March 11, 2024, 9:09 p.m. This repo has also been linked to 2 different CVEs.

Harden the OpenSSH implementation in Windows 10/11 with the help of methods from Positron Security

1st-party-security encryption enterprise-security harden operation-system-security ssh ssh-client ssh-server windows windows11

PowerShell

Updated: 2 months, 2 weeks ago
7 stars, 0 forks, 0 watchers
Created: March 2, 2024, 7:56 p.m. This repo has also been linked to 1 CVE.

None

Updated: 4 months, 3 weeks ago
0 stars, 0 forks, 0 watchers
Created: Oct. 22, 2023, 9:46 a.m. This repo has also been linked to 5 different CVEs.

This repository contains the artifacts for the paper "Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation".

attack cryptography ssh vulnerability artifacts terrapin cve-2023-46445 cve-2023-46446 cve-2023-48795 poc

Python Dockerfile Shell

Updated: 3 months ago
58 stars, 7 forks, 7 watchers
Created: Oct. 16, 2023, 7:59 p.m. This repo has also been linked to 3 different CVEs.

Results are limited to the first 15 repositories due to potential performance issues.

The following news articles mention the CVE-2023-48795 vulnerability.

  • The Hacker News
EPSS vs. CVSS: What’s the Best Approach to Vulnerability Prioritization?

Many businesses rely on the Common Vulnerability Scoring System (CVSS) to assess the severity of vulnerabilities for prioritization. While these scores provide some insight into the potential impact o ...

Published Date: Sep 26, 2024 (1 month, 4 weeks ago)

The following table lists the changes that have been made to the CVE-2023-48795 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    May. 01, 2024

    Action Type Old Value New Value
    Added Reference MITRE http://www.openwall.com/lists/oss-security/2024/03/06/3 [No types assigned]
  • CVE Modified by [email protected]

    May. 01, 2024

    Action Type Old Value New Value
    Added Reference MITRE http://www.openwall.com/lists/oss-security/2024/04/17/8 [No types assigned]
  • Modified Analysis by [email protected]

    Apr. 29, 2024

    Action Type Old Value New Value
    Changed Reference Type http://seclists.org/fulldisclosure/2024/Mar/21 No Types Assigned http://seclists.org/fulldisclosure/2024/Mar/21 Mailing List, Third Party Advisory
    Changed Reference Type https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html No Types Assigned https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html Mailing List, Third Party Advisory
    Changed Reference Type https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html No Types Assigned https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html Mailing List, Third Party Advisory
    Changed Reference Type https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html No Types Assigned https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/ Mailing List, Third Party Advisory
    Changed Reference Type https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002 No Types Assigned https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002 Third Party Advisory
    Changed Reference Type https://security.netapp.com/advisory/ntap-20240105-0004/ No Types Assigned https://security.netapp.com/advisory/ntap-20240105-0004/ Third Party Advisory
    Changed Reference Type https://support.apple.com/kb/HT214084 No Types Assigned https://support.apple.com/kb/HT214084 Third Party Advisory
    Changed CPE Configuration OR *cpe:2.3:a:kitty_project:kitty:*:*:*:*:*:*:*:* versions up to (including) 0.76.1.13 OR *cpe:2.3:a:9bis:kitty:*:*:*:*:*:*:*:* versions up to (including) 0.76.1.13
    Added CPE Configuration OR *cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* *cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* versions from (including) 14.0 up to (excluding) 14.4
  • CVE Modified by [email protected]

    Apr. 25, 2024

    Action Type Old Value New Value
    Added Reference MITRE https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html [No types assigned]
  • CVE Modified by [email protected]

    Mar. 13, 2024

    Action Type Old Value New Value
    Added Reference MITRE http://seclists.org/fulldisclosure/2024/Mar/21 [No types assigned]
  • CVE Modified by [email protected]

    Mar. 07, 2024

    Action Type Old Value New Value
    Added Reference MITRE https://support.apple.com/kb/HT214084 [No types assigned]
  • CVE Modified by [email protected]

    Jan. 29, 2024

    Action Type Old Value New Value
    Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/ [No types assigned]
  • CVE Modified by [email protected]

    Jan. 29, 2024

    Action Type Old Value New Value
    Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/ [No types assigned]
  • CVE Modified by [email protected]

    Jan. 25, 2024

    Action Type Old Value New Value
    Added Reference MITRE https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html [No types assigned]
    Added Reference MITRE https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html [No types assigned]
  • CVE Modified by [email protected]

    Jan. 19, 2024

    Action Type Old Value New Value
    Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/ [No types assigned]
  • CVE Modified by [email protected]

    Jan. 18, 2024

    Action Type Old Value New Value
    Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ [No types assigned]
    Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/ [No types assigned]
    Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ [No types assigned]
    Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/ [No types assigned]
  • CVE Modified by [email protected]

    Jan. 15, 2024

    Action Type Old Value New Value
    Added Reference MITRE https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002 [No types assigned]
  • CVE Modified by [email protected]

    Jan. 11, 2024

    Action Type Old Value New Value
    Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/ [No types assigned]
    Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/ [No types assigned]
  • CVE Modified by [email protected]

    Jan. 11, 2024

    Action Type Old Value New Value
    Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/ [No types assigned]
  • CVE Modified by [email protected]

    Jan. 10, 2024

    Action Type Old Value New Value
    Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/ [No types assigned]
  • CVE Modified by [email protected]

    Jan. 09, 2024

    Action Type Old Value New Value
    Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/ [No types assigned]
  • CVE Modified by [email protected]

    Jan. 05, 2024

    Action Type Old Value New Value
    Added Reference MITRE https://security.netapp.com/advisory/ntap-20240105-0004/ [No types assigned]
  • CVE Modified by [email protected]

    Dec. 30, 2023

    Action Type Old Value New Value
    Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/ [No types assigned]
    Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/ [No types assigned]
    Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/ [No types assigned]
  • CVE Modified by [email protected]

    Dec. 29, 2023

    Action Type Old Value New Value
    Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/ [No types assigned]
    Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/ [No types assigned]
  • Initial Analysis by [email protected]

    Dec. 28, 2023

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
    Changed Reference Type http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html No Types Assigned http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html Third Party Advisory, VDB Entry
    Changed Reference Type http://www.openwall.com/lists/oss-security/2023/12/18/3 No Types Assigned http://www.openwall.com/lists/oss-security/2023/12/18/3 Mailing List
    Changed Reference Type http://www.openwall.com/lists/oss-security/2023/12/19/5 No Types Assigned http://www.openwall.com/lists/oss-security/2023/12/19/5 Mailing List
    Changed Reference Type http://www.openwall.com/lists/oss-security/2023/12/20/3 No Types Assigned http://www.openwall.com/lists/oss-security/2023/12/20/3 Mailing List, Mitigation
    Changed Reference Type https://access.redhat.com/security/cve/cve-2023-48795 No Types Assigned https://access.redhat.com/security/cve/cve-2023-48795 Third Party Advisory
    Changed Reference Type https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/ No Types Assigned https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/ Press/Media Coverage
    Changed Reference Type https://bugs.gentoo.org/920280 No Types Assigned https://bugs.gentoo.org/920280 Issue Tracking
    Changed Reference Type https://bugzilla.redhat.com/show_bug.cgi?id=2254210 No Types Assigned https://bugzilla.redhat.com/show_bug.cgi?id=2254210 Issue Tracking
    Changed Reference Type https://bugzilla.suse.com/show_bug.cgi?id=1217950 No Types Assigned https://bugzilla.suse.com/show_bug.cgi?id=1217950 Issue Tracking
    Changed Reference Type https://crates.io/crates/thrussh/versions No Types Assigned https://crates.io/crates/thrussh/versions Release Notes
    Changed Reference Type https://filezilla-project.org/versions.php No Types Assigned https://filezilla-project.org/versions.php Release Notes
    Changed Reference Type https://forum.netgate.com/topic/184941/terrapin-ssh-attack No Types Assigned https://forum.netgate.com/topic/184941/terrapin-ssh-attack Issue Tracking
    Changed Reference Type https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6 No Types Assigned https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6 Patch
    Changed Reference Type https://github.com/advisories/GHSA-45x7-px36-x8w8 No Types Assigned https://github.com/advisories/GHSA-45x7-px36-x8w8 Third Party Advisory
    Changed Reference Type https://github.com/apache/mina-sshd/issues/445 No Types Assigned https://github.com/apache/mina-sshd/issues/445 Issue Tracking
    Changed Reference Type https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab No Types Assigned https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab Patch
    Changed Reference Type https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22 No Types Assigned https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22 Third Party Advisory
    Changed Reference Type https://github.com/cyd01/KiTTY/issues/520 No Types Assigned https://github.com/cyd01/KiTTY/issues/520 Issue Tracking
    Changed Reference Type https://github.com/drakkan/sftpgo/releases/tag/v2.5.6 No Types Assigned https://github.com/drakkan/sftpgo/releases/tag/v2.5.6 Release Notes
    Changed Reference Type https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42 No Types Assigned https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42 Patch
    Changed Reference Type https://github.com/erlang/otp/releases/tag/OTP-26.2.1 No Types Assigned https://github.com/erlang/otp/releases/tag/OTP-26.2.1 Release Notes
    Changed Reference Type https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d No Types Assigned https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d Patch
    Changed Reference Type https://github.com/hierynomus/sshj/issues/916 No Types Assigned https://github.com/hierynomus/sshj/issues/916 Issue Tracking
    Changed Reference Type https://github.com/janmojzis/tinyssh/issues/81 No Types Assigned https://github.com/janmojzis/tinyssh/issues/81 Issue Tracking
    Changed Reference Type https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5 No Types Assigned https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5 Patch
    Changed Reference Type https://github.com/libssh2/libssh2/pull/1291 No Types Assigned https://github.com/libssh2/libssh2/pull/1291 Mitigation
    Changed Reference Type https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25 No Types Assigned https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25 Patch
    Changed Reference Type https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3 No Types Assigned https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3 Patch
    Changed Reference Type https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15 No Types Assigned https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15 Product
    Changed Reference Type https://github.com/mwiede/jsch/issues/457 No Types Assigned https://github.com/mwiede/jsch/issues/457 Issue Tracking
    Changed Reference Type https://github.com/mwiede/jsch/pull/461 No Types Assigned https://github.com/mwiede/jsch/pull/461 Release Notes
    Changed Reference Type https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16 No Types Assigned https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16 Patch
    Changed Reference Type https://github.com/NixOS/nixpkgs/pull/275249 No Types Assigned https://github.com/NixOS/nixpkgs/pull/275249 Release Notes
    Changed Reference Type https://github.com/openssh/openssh-portable/commits/master No Types Assigned https://github.com/openssh/openssh-portable/commits/master Patch
    Changed Reference Type https://github.com/paramiko/paramiko/issues/2337 No Types Assigned https://github.com/paramiko/paramiko/issues/2337 Issue Tracking
    Changed Reference Type https://github.com/PowerShell/Win32-OpenSSH/issues/2189 No Types Assigned https://github.com/PowerShell/Win32-OpenSSH/issues/2189 Issue Tracking
    Changed Reference Type https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta No Types Assigned https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta Release Notes
    Changed Reference Type https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES No Types Assigned https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES Release Notes
    Changed Reference Type https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES No Types Assigned https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES Release Notes
    Changed Reference Type https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES No Types Assigned https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES Release Notes
    Changed Reference Type https://github.com/proftpd/proftpd/issues/456 No Types Assigned https://github.com/proftpd/proftpd/issues/456 Issue Tracking
    Changed Reference Type https://github.com/rapier1/hpn-ssh/releases No Types Assigned https://github.com/rapier1/hpn-ssh/releases Release Notes
    Changed Reference Type https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst No Types Assigned https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst Release Notes
    Changed Reference Type https://github.com/ronf/asyncssh/tags No Types Assigned https://github.com/ronf/asyncssh/tags Release Notes
    Changed Reference Type https://github.com/ssh-mitm/ssh-mitm/issues/165 No Types Assigned https://github.com/ssh-mitm/ssh-mitm/issues/165 Issue Tracking
    Changed Reference Type https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0 No Types Assigned https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0 Patch
    Changed Reference Type https://github.com/TeraTermProject/teraterm/releases/tag/v5.1 No Types Assigned https://github.com/TeraTermProject/teraterm/releases/tag/v5.1 Release Notes
    Changed Reference Type https://github.com/warp-tech/russh/releases/tag/v0.40.2 No Types Assigned https://github.com/warp-tech/russh/releases/tag/v0.40.2 Release Notes
    Changed Reference Type https://gitlab.com/libssh/libssh-mirror/-/tags No Types Assigned https://gitlab.com/libssh/libssh-mirror/-/tags Release Notes
    Changed Reference Type https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ No Types Assigned https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ Mailing List
    Changed Reference Type https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg No Types Assigned https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg Mailing List
    Changed Reference Type https://help.panic.com/releasenotes/transmit5/ No Types Assigned https://help.panic.com/releasenotes/transmit5/ Release Notes
    Changed Reference Type https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/ No Types Assigned https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/ Press/Media Coverage
    Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html No Types Assigned https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/ Vendor Advisory
    Changed Reference Type https://matt.ucc.asn.au/dropbear/CHANGES No Types Assigned https://matt.ucc.asn.au/dropbear/CHANGES Release Notes
    Changed Reference Type https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC No Types Assigned https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC Patch
    Changed Reference Type https://news.ycombinator.com/item?id=38684904 No Types Assigned https://news.ycombinator.com/item?id=38684904 Issue Tracking
    Changed Reference Type https://news.ycombinator.com/item?id=38685286 No Types Assigned https://news.ycombinator.com/item?id=38685286 Issue Tracking
    Changed Reference Type https://news.ycombinator.com/item?id=38732005 No Types Assigned https://news.ycombinator.com/item?id=38732005 Issue Tracking
    Changed Reference Type https://nova.app/releases/#v11.8 No Types Assigned https://nova.app/releases/#v11.8 Release Notes
    Changed Reference Type https://oryx-embedded.com/download/#changelog No Types Assigned https://oryx-embedded.com/download/#changelog Release Notes
    Changed Reference Type https://roumenpetrov.info/secsh/#news20231220 No Types Assigned https://roumenpetrov.info/secsh/#news20231220 Release Notes
    Changed Reference Type https://security.gentoo.org/glsa/202312-16 No Types Assigned https://security.gentoo.org/glsa/202312-16 Third Party Advisory
    Changed Reference Type https://security.gentoo.org/glsa/202312-17 No Types Assigned https://security.gentoo.org/glsa/202312-17 Third Party Advisory
    Changed Reference Type https://security-tracker.debian.org/tracker/CVE-2023-48795 No Types Assigned https://security-tracker.debian.org/tracker/CVE-2023-48795 Vendor Advisory
    Changed Reference Type https://security-tracker.debian.org/tracker/source-package/libssh2 No Types Assigned https://security-tracker.debian.org/tracker/source-package/libssh2 Vendor Advisory
    Changed Reference Type https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg No Types Assigned https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg Vendor Advisory
    Changed Reference Type https://security-tracker.debian.org/tracker/source-package/trilead-ssh2 No Types Assigned https://security-tracker.debian.org/tracker/source-package/trilead-ssh2 Issue Tracking
    Changed Reference Type https://thorntech.com/cve-2023-48795-and-sftp-gateway/ No Types Assigned https://thorntech.com/cve-2023-48795-and-sftp-gateway/ Third Party Advisory
    Changed Reference Type https://twitter.com/TrueSkrillor/status/1736774389725565005 No Types Assigned https://twitter.com/TrueSkrillor/status/1736774389725565005 Press/Media Coverage
    Changed Reference Type https://ubuntu.com/security/CVE-2023-48795 No Types Assigned https://ubuntu.com/security/CVE-2023-48795 Vendor Advisory
    Changed Reference Type https://winscp.net/eng/docs/history#6.2.2 No Types Assigned https://winscp.net/eng/docs/history#6.2.2 Release Notes
    Changed Reference Type https://www.bitvise.com/ssh-client-version-history#933 No Types Assigned https://www.bitvise.com/ssh-client-version-history#933 Release Notes
    Changed Reference Type https://www.bitvise.com/ssh-server-version-history No Types Assigned https://www.bitvise.com/ssh-server-version-history Release Notes
    Changed Reference Type https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html No Types Assigned https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html Release Notes
    Changed Reference Type https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update No Types Assigned https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update Release Notes
    Changed Reference Type https://www.debian.org/security/2023/dsa-5586 No Types Assigned https://www.debian.org/security/2023/dsa-5586 Issue Tracking
    Changed Reference Type https://www.debian.org/security/2023/dsa-5588 No Types Assigned https://www.debian.org/security/2023/dsa-5588 Issue Tracking
    Changed Reference Type https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc No Types Assigned https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc Release Notes
    Changed Reference Type https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508 No Types Assigned https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508 Vendor Advisory
    Changed Reference Type https://www.netsarang.com/en/xshell-update-history/ No Types Assigned https://www.netsarang.com/en/xshell-update-history/ Release Notes
    Changed Reference Type https://www.openssh.com/openbsd.html No Types Assigned https://www.openssh.com/openbsd.html Release Notes
    Changed Reference Type https://www.openssh.com/txt/release-9.6 No Types Assigned https://www.openssh.com/txt/release-9.6 Release Notes
    Changed Reference Type https://www.openwall.com/lists/oss-security/2023/12/18/2 No Types Assigned https://www.openwall.com/lists/oss-security/2023/12/18/2 Mailing List
    Changed Reference Type https://www.openwall.com/lists/oss-security/2023/12/20/3 No Types Assigned https://www.openwall.com/lists/oss-security/2023/12/20/3 Mailing List, Mitigation
    Changed Reference Type https://www.paramiko.org/changelog.html No Types Assigned https://www.paramiko.org/changelog.html Release Notes
    Changed Reference Type https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/ No Types Assigned https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/ Issue Tracking
    Changed Reference Type https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/ No Types Assigned https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/ Press/Media Coverage
    Changed Reference Type https://www.terrapin-attack.com No Types Assigned https://www.terrapin-attack.com Exploit
    Changed Reference Type https://www.theregister.com/2023/12/20/terrapin_attack_ssh No Types Assigned https://www.theregister.com/2023/12/20/terrapin_attack_ssh Press/Media Coverage
    Changed Reference Type https://www.vandyke.com/products/securecrt/history.txt No Types Assigned https://www.vandyke.com/products/securecrt/history.txt Release Notes
    Added CWE NIST CWE-354
    Added CPE Configuration OR *cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:* versions up to (excluding) 9.6
    Added CPE Configuration OR *cpe:2.3:a:putty:putty:*:*:*:*:*:*:*:* versions up to (excluding) 0.80
    Added CPE Configuration OR *cpe:2.3:a:filezilla-project:filezilla_client:*:*:*:*:*:*:*:* versions up to (excluding) 3.66.4
    Added CPE Configuration OR *cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:* versions up to (including) 11.1.0
    Added CPE Configuration AND OR *cpe:2.3:a:panic:transmit_5:*:*:*:*:*:*:*:* versions up to (excluding) 5.10.4 OR cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:a:panic:nova:*:*:*:*:*:*:*:* versions up to (excluding) 11.8 OR cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:roumenpetrov:pkixssh:*:*:*:*:*:*:*:* versions up to (excluding) 14.4
    Added CPE Configuration OR *cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:* versions up to (excluding) 6.2.2
    Added CPE Configuration OR *cpe:2.3:a:bitvise:ssh_client:*:*:*:*:*:*:*:* versions up to (excluding) 9.33
    Added CPE Configuration OR *cpe:2.3:a:bitvise:ssh_server:*:*:*:*:*:*:*:* versions up to (excluding) 9.32
    Added CPE Configuration OR *cpe:2.3:o:lancom-systems:lcos:*:*:*:*:*:*:*:* versions up to (including) 3.66.4
    Added CPE Configuration OR *cpe:2.3:o:lancom-systems:lcos_fx:-:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:o:lancom-systems:lcos_lx:-:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:o:lancom-systems:lcos_sx:4.20:*:*:*:*:*:*:* *cpe:2.3:o:lancom-systems:lcos_sx:5.20:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:o:lancom-systems:lanconfig:-:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:vandyke:securecrt:*:*:*:*:*:*:*:* versions up to (excluding) 9.4.3
    Added CPE Configuration OR *cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:* versions up to (excluding) 0.10.6
    Added CPE Configuration OR *cpe:2.3:a:net-ssh:net-ssh:7.2.0:*:*:*:*:ruby:*:*
    Added CPE Configuration OR *cpe:2.3:a:ssh2_project:ssh2:*:*:*:*:*:node.js:*:* versions up to (including) 1.11.0
    Added CPE Configuration OR *cpe:2.3:a:proftpd:proftpd:*:*:*:*:*:*:*:* versions up to (including) 1.3.8b
    Added CPE Configuration OR *cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:* versions up to (including) 12.4
    Added CPE Configuration OR *cpe:2.3:a:crates:thrussh:*:*:*:*:*:*:*:* versions up to (excluding) 0.35.1
    Added CPE Configuration OR *cpe:2.3:a:tera_term_project:tera_term:*:*:*:*:*:*:*:* versions up to (including) 5.1
    Added CPE Configuration OR *cpe:2.3:a:oryx-embedded:cyclone_ssh:*:*:*:*:*:*:*:* versions up to (excluding) 2.3.4
    Added CPE Configuration OR *cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:* versions up to (including) 10.6.0
    Added CPE Configuration OR *cpe:2.3:a:netsarang:xshell_7:*:*:*:*:*:*:*:* versions up to (excluding) build__0144
    Added CPE Configuration OR *cpe:2.3:a:paramiko:paramiko:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
    Added CPE Configuration OR *cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:* *cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:* *cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:redhat:ceph_storage:6.0:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:redhat:openshift_serverless:-:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:redhat:openshift_gitops:-:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:redhat:openshift_pipelines:-:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:redhat:openshift_data_foundation:4.0:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:redhat:openshift_api_for_data_protection:-:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:redhat:openshift_virtualization:4:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:redhat:storage:3.0:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:redhat:discovery:-:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:redhat:openshift_dev_spaces:-:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:redhat:cert-manager_operator_for_red_hat_openshift:-:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:redhat:advanced_cluster_security:3.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:advanced_cluster_security:4.0:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:golang:crypto:*:*:*:*:*:*:*:* versions up to (excluding) 0.17.0
    Added CPE Configuration OR *cpe:2.3:a:russh_project:russh:*:*:*:*:*:rust:*:* versions up to (excluding) 0.40.2
    Added CPE Configuration OR *cpe:2.3:a:sftpgo_project:sftpgo:*:*:*:*:*:*:*:* versions up to (excluding) 2.5.6
    Added CPE Configuration OR *cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:* versions up to (excluding) 26.2.1
    Added CPE Configuration OR *cpe:2.3:a:matez:jsch:*:*:*:*:*:*:*:* versions up to (excluding) 0.2.15
    Added CPE Configuration OR *cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:* versions up to (excluding) 1.11.10
    Added CPE Configuration OR *cpe:2.3:a:asyncssh_project:asyncssh:*:*:*:*:*:*:*:* versions up to (excluding) 2.14.2
    Added CPE Configuration OR *cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:*:*:*:*:*:*:*:* versions up to (excluding) 2022.83
    Added CPE Configuration OR *cpe:2.3:a:jadaptive:maverick_synergy_java_ssh_api:*:*:*:*:*:*:*:* versions up to (excluding) 3.1.0-snapshot
    Added CPE Configuration OR *cpe:2.3:a:ssh:ssh:*:*:*:*:*:*:*:* versions up to (excluding) 5.11
    Added CPE Configuration OR *cpe:2.3:o:thorntech:sftp_gateway_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.6
    Added CPE Configuration OR *cpe:2.3:a:netgate:pfsense_plus:*:*:*:*:*:*:*:* versions up to (including) 23.09.1
    Added CPE Configuration OR *cpe:2.3:a:netgate:pfsense_ce:*:*:*:*:*:*:*:* versions up to (including) 2.7.2
    Added CPE Configuration OR *cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:* versions up to (excluding) 10.6.0
    Added CPE Configuration OR *cpe:2.3:a:connectbot:sshlib:*:*:*:*:*:*:*:* versions up to (excluding) 2.2.22
    Added CPE Configuration OR *cpe:2.3:a:apache:sshd:*:*:*:*:*:*:*:* versions up to (including) 2.11.0
    Added CPE Configuration OR *cpe:2.3:a:apache:sshj:*:*:*:*:*:*:*:* versions up to (including) 0.37.0
    Added CPE Configuration OR *cpe:2.3:a:tinyssh:tinyssh:*:*:*:*:*:*:*:* versions up to (including) 20230101
    Added CPE Configuration OR *cpe:2.3:a:trilead:ssh2:6401:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:kitty_project:kitty:*:*:*:*:*:*:*:* versions up to (including) 0.76.1.13
    Added CPE Configuration AND OR *cpe:2.3:a:gentoo:security:-:*:*:*:*:*:*:* OR cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:*
  • CVE Modified by [email protected]

    Dec. 28, 2023

    Action Type Old Value New Value
    Added Reference MITRE https://security.gentoo.org/glsa/202312-16 [No types assigned]
    Added Reference MITRE https://security.gentoo.org/glsa/202312-17 [No types assigned]
  • CVE Modified by [email protected]

    Dec. 26, 2023

    Action Type Old Value New Value
    Added Reference MITRE https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html [No types assigned]
  • CVE Modified by [email protected]

    Dec. 24, 2023

    Action Type Old Value New Value
    Added Reference MITRE https://github.com/ssh-mitm/ssh-mitm/issues/165 [No types assigned]
    Added Reference MITRE https://news.ycombinator.com/item?id=38732005 [No types assigned]
  • CVE Modified by [email protected]

    Dec. 24, 2023

    Action Type Old Value New Value
    Added Reference MITRE https://www.debian.org/security/2023/dsa-5588 [No types assigned]
  • CVE Modified by [email protected]

    Dec. 24, 2023

    Action Type Old Value New Value
    Changed Description The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.
  • CVE Modified by [email protected]

    Dec. 22, 2023

    Action Type Old Value New Value
    Changed Description The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31.
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.
    Added Reference MITRE https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508 [No types assigned]
    Added Reference MITRE https://www.theregister.com/2023/12/20/terrapin_attack_ssh [No types assigned]
    Added Reference MITRE https://filezilla-project.org/versions.php [No types assigned]
    Added Reference MITRE https://nova.app/releases/#v11.8 [No types assigned]
    Added Reference MITRE https://roumenpetrov.info/secsh/#news20231220 [No types assigned]
    Added Reference MITRE https://www.vandyke.com/products/securecrt/history.txt [No types assigned]
    Added Reference MITRE https://help.panic.com/releasenotes/transmit5/ [No types assigned]
    Added Reference MITRE https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta [No types assigned]
    Added Reference MITRE https://github.com/PowerShell/Win32-OpenSSH/issues/2189 [No types assigned]
    Added Reference MITRE https://winscp.net/eng/docs/history#6.2.2 [No types assigned]
    Added Reference MITRE https://www.bitvise.com/ssh-client-version-history#933 [No types assigned]
    Added Reference MITRE https://github.com/cyd01/KiTTY/issues/520 [No types assigned]
  • CVE Modified by [email protected]

    Dec. 22, 2023

    Action Type Old Value New Value
    Added Reference MITRE https://www.debian.org/security/2023/dsa-5586 [No types assigned]
  • CVE Modified by [email protected]

    Dec. 22, 2023

    Action Type Old Value New Value
    Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/ [No types assigned]
  • CVE Modified by [email protected]

    Dec. 21, 2023

    Action Type Old Value New Value
    Added Reference MITRE http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html [No types assigned]
  • CVE Modified by [email protected]

    Dec. 20, 2023

    Action Type Old Value New Value
    Changed Description
    Old Value: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31.
    New Value: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31.
    Added Reference MITRE https://www.openwall.com/lists/oss-security/2023/12/20/3 [No types assigned]
    Added Reference MITRE https://security-tracker.debian.org/tracker/source-package/trilead-ssh2 [No types assigned]
    Added Reference MITRE https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16 [No types assigned]
  • CVE Modified by [email protected]

    Dec. 20, 2023

    Action Type Old Value New Value
    Changed Description
    Old Value: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD 1.3.9rc1, ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31.
    New Value: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31.
    Added Reference MITRE https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES [No types assigned]
    Added Reference MITRE https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES [No types assigned]
    Added Reference MITRE https://github.com/apache/mina-sshd/issues/445 [No types assigned]
    Added Reference MITRE https://github.com/hierynomus/sshj/issues/916 [No types assigned]
    Added Reference MITRE https://github.com/janmojzis/tinyssh/issues/81 [No types assigned]
  • CVE Modified by [email protected]

    Dec. 20, 2023

    Action Type Old Value New Value
    Added Reference MITRE http://www.openwall.com/lists/oss-security/2023/12/20/3 [No types assigned]
  • CVE Modified by [email protected]

    Dec. 20, 2023

    Action Type Old Value New Value
    Added Reference MITRE https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/ [No types assigned]
  • CVE Modified by [email protected]

    Dec. 20, 2023

    Action Type Old Value New Value
    Added Reference MITRE https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc [No types assigned]
  • CVE Modified by [email protected]

    Dec. 20, 2023

    Action Type Old Value New Value
    Added Reference MITRE http://www.openwall.com/lists/oss-security/2023/12/19/5 [No types assigned]
  • CVE Modified by [email protected]

    Dec. 19, 2023

    Action Type Old Value New Value
    Changed Description
    Old Value: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, and libssh2 through 1.11.0; and there could be effects on Bitvise SSH through 9.31.
    New Value: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD 1.3.9rc1, ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31.
    Added Reference MITRE https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES [No types assigned]
    Added Reference MITRE https://www.netsarang.com/en/xshell-update-history/ [No types assigned]
    Added Reference MITRE https://www.paramiko.org/changelog.html [No types assigned]
    Added Reference MITRE https://github.com/proftpd/proftpd/issues/456 [No types assigned]
    Added Reference MITRE https://github.com/TeraTermProject/teraterm/releases/tag/v5.1 [No types assigned]
    Added Reference MITRE https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15 [No types assigned]
    Added Reference MITRE https://oryx-embedded.com/download/#changelog [No types assigned]
    Added Reference MITRE https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update [No types assigned]
    Added Reference MITRE https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22 [No types assigned]
    Added Reference MITRE https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab [No types assigned]
    Added Reference MITRE https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3 [No types assigned]
    Added Reference MITRE https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC [No types assigned]
    Added Reference MITRE https://crates.io/crates/thrussh/versions [No types assigned]
    Added Reference MITRE https://github.com/NixOS/nixpkgs/pull/275249 [No types assigned]
  • CVE Modified by [email protected]

    Dec. 19, 2023

    Action Type Old Value New Value
    Changed Description
    Old Value: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, and libssh before 0.10.6; and there could be effects on Bitvise SSH through 9.31.
    New Value: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, and libssh2 through 1.11.0; and there could be effects on Bitvise SSH through 9.31.
    Added Reference MITRE https://forum.netgate.com/topic/184941/terrapin-ssh-attack [No types assigned]
    Added Reference MITRE https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5 [No types assigned]
    Added Reference MITRE https://github.com/rapier1/hpn-ssh/releases [No types assigned]
  • CVE Modified by [email protected]

    Dec. 19, 2023

    Action Type Old Value New Value
    Added Reference MITRE https://github.com/libssh2/libssh2/pull/1291 [No types assigned]
  • CVE Modified by [email protected]

    Dec. 18, 2023

    Action Type Old Value New Value
    Added Reference MITRE https://github.com/erlang/otp/releases/tag/OTP-26.2.1 [No types assigned]
    Added Reference MITRE https://github.com/advisories/GHSA-45x7-px36-x8w8 [No types assigned]
    Added Reference MITRE https://security-tracker.debian.org/tracker/source-package/libssh2 [No types assigned]
    Added Reference MITRE https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg [No types assigned]
    Added Reference MITRE https://security-tracker.debian.org/tracker/CVE-2023-48795 [No types assigned]
    Added Reference MITRE https://bugzilla.suse.com/show_bug.cgi?id=1217950 [No types assigned]
    Added Reference MITRE https://bugzilla.redhat.com/show_bug.cgi?id=2254210 [No types assigned]
    Added Reference MITRE https://bugs.gentoo.org/920280 [No types assigned]
    Added Reference MITRE https://ubuntu.com/security/CVE-2023-48795 [No types assigned]
    Added Reference MITRE https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/ [No types assigned]
    Added Reference MITRE https://access.redhat.com/security/cve/cve-2023-48795 [No types assigned]
    Added Reference MITRE https://github.com/mwiede/jsch/pull/461 [No types assigned]
    Added Reference MITRE https://github.com/drakkan/sftpgo/releases/tag/v2.5.6 [No types assigned]
  • CVE Modified by [email protected]

    Dec. 18, 2023

    Action Type Old Value New Value
    Changed Description
    Old Value: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, and golang.org/x/crypto before 0.17.0; and there could be effects on Bitvise SSH through 9.31 and libssh through 0.10.5.
    New Value: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, and libssh before 0.10.6; and there could be effects on Bitvise SSH through 9.31.
    Added Reference MITRE https://github.com/mwiede/jsch/issues/457 [No types assigned]
    Added Reference MITRE https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6 [No types assigned]
  • CVE Modified by [email protected]

    Dec. 18, 2023

    Action Type Old Value New Value
    Changed Description
    Old Value: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, and AsyncSSH before 2.14.2; and there could be effects on Bitvise SSH through 9.31, libssh through 0.10.5, and golang.org/x/crypto through 2023-12-17.
    New Value: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, and golang.org/x/crypto before 0.17.0; and there could be effects on Bitvise SSH through 9.31 and libssh through 0.10.5.
    Added Reference MITRE https://github.com/paramiko/paramiko/issues/2337 [No types assigned]
    Added Reference MITRE https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg [No types assigned]
    Added Reference MITRE https://news.ycombinator.com/item?id=38684904 [No types assigned]
    Added Reference MITRE https://news.ycombinator.com/item?id=38685286 [No types assigned]
    Added Reference MITRE http://www.openwall.com/lists/oss-security/2023/12/18/3 [No types assigned]
  • CVE Modified by [email protected]

    Dec. 18, 2023

    Action Type Old Value New Value
    Changed Description
    Old Value: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, and PuTTY before 0.80; and there could be effects on Bitvise SSH through 9.31, AsyncSSH through 2.14.1, libssh through 0.10.5, and golang.org/x/crypto through 2023-12-17.
    New Value: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, and AsyncSSH before 2.14.2; and there could be effects on Bitvise SSH through 9.31, libssh through 0.10.5, and golang.org/x/crypto through 2023-12-17.
    Added Reference MITRE https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst [No types assigned]
    Added Reference MITRE https://thorntech.com/cve-2023-48795-and-sftp-gateway/ [No types assigned]
    Added Reference MITRE https://github.com/warp-tech/russh/releases/tag/v0.40.2 [No types assigned]
    Added Reference MITRE https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0 [No types assigned]
    Added Reference MITRE https://www.openwall.com/lists/oss-security/2023/12/18/2 [No types assigned]
    Added Reference MITRE https://twitter.com/TrueSkrillor/status/1736774389725565005 [No types assigned]
    Added Reference MITRE https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d [No types assigned]
  • CVE Received by [email protected]

    Dec. 18, 2023

    Action Type Old Value New Value
    Added Description The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, and PuTTY before 0.80; and there could be effects on Bitvise SSH through 9.31, AsyncSSH through 2.14.1, libssh through 0.10.5, and golang.org/x/crypto through 2023-12-17.
    Added Reference MITRE https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html [No types assigned]
    Added Reference MITRE https://matt.ucc.asn.au/dropbear/CHANGES [No types assigned]
    Added Reference MITRE https://www.openssh.com/openbsd.html [No types assigned]
    Added Reference MITRE https://github.com/openssh/openssh-portable/commits/master [No types assigned]
    Added Reference MITRE https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ [No types assigned]
    Added Reference MITRE https://www.bitvise.com/ssh-server-version-history [No types assigned]
    Added Reference MITRE https://github.com/ronf/asyncssh/tags [No types assigned]
    Added Reference MITRE https://gitlab.com/libssh/libssh-mirror/-/tags [No types assigned]
    Added Reference MITRE https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/ [No types assigned]
    Added Reference MITRE https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42 [No types assigned]
    Added Reference MITRE https://www.openssh.com/txt/release-9.6 [No types assigned]
    Added Reference MITRE https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/ [No types assigned]
    Added Reference MITRE https://www.terrapin-attack.com [No types assigned]
    Added Reference MITRE https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25 [No types assigned]
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2023-48795 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2023-48795 weaknesses.

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

96.29 0.04% score

0.99593 percentile

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability