CVE-2023-48795

5.9

MEDIUM

OpenSSH Terrapin Subversion

Description

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in [email protected] and (if CBC is used) the [email protected] MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.

INFO

Published Date :

Dec. 18, 2023, 4:15 p.m.

Last Modified :

May 1, 2024, 6:15 p.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

3.6

Exploitability Score :

2.2 Public PoC/Exploit Available at Github

CVE-2023-48795 has a 20 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2023-48795 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product
1	Redhat	enterprise_linux
2	Redhat	openshift_container_platform
3	Redhat	ceph_storage
4	Redhat	keycloak
5	Redhat	jboss_enterprise_application_platform
6	Redhat	single_sign-on
7	Redhat	openstack_platform
8	Redhat	openshift_serverless
9	Redhat	storage
10	Redhat	openshift_virtualization
11	Redhat	openshift_data_foundation
12	Redhat	advanced_cluster_security
13	Redhat	openshift_gitops
14	Redhat	openshift_pipelines
15	Redhat	openshift_developer_tools_and_services
16	Redhat	openshift_api_for_data_protection
17	Redhat	discovery
18	Redhat	openshift_dev_spaces
19	Redhat	cert-manager_operator_for_red_hat_openshift
1	Lancom-systems	lcos
2	Lancom-systems	lcos_fx
3	Lancom-systems	lcos_lx
4	Lancom-systems	lcos_sx
5	Lancom-systems	lanconfig
1	Apache	sshd
2	Apache	sshj
1	Netgate	pfsense_plus
2	Netgate	pfsense_ce
1	Panic	transmit_5
2	Panic	nova
1	Bitvise	ssh_client
2	Bitvise	ssh_server
1	Fedoraproject	fedora
1	Debian	debian_linux
1	Openbsd	openssh
1	Apple	macos
1	Filezilla-project	filezilla_client
1	Freebsd	freebsd
1	Dropbear_ssh_project	dropbear_ssh
1	Libssh2	libssh2
1	Putty	putty
1	Microsoft	powershell
1	Paramiko	paramiko
1	Proftpd	proftpd
1	Crushftp	crushftp
1	Libssh	libssh
1	Golang	crypto
1	Vandyke	securecrt
1	Asyncssh_project	asyncssh
1	Erlang	erlang\/otp
1	Ssh2_project	ssh2
1	Winscp	winscp
1	Ssh	ssh
1	Russh_project	russh
1	Tera_term_project	tera_term
1	Sftpgo_project	sftpgo
1	Roumenpetrov	pkixssh
1	Net-ssh	net-ssh
1	Crates	thrussh
1	Oryx-embedded	cyclone_ssh
1	Netsarang	xshell_7
1	Matez	jsch
1	Jadaptive	maverick_synergy_java_ssh_api
1	Thorntech	sftp_gateway_firmware
1	Connectbot	sshlib
1	Tinyssh	tinyssh
1	Trilead	ssh2
1	Gentoo	security
1	9bis	kitty

: Total Affected Vendor : 43 | Products : 69

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2023-48795.

URL	Resource
http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html	Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2024/Mar/21	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/12/18/3	Mailing List
http://www.openwall.com/lists/oss-security/2023/12/19/5	Mailing List
http://www.openwall.com/lists/oss-security/2023/12/20/3	Mailing List Mitigation
http://www.openwall.com/lists/oss-security/2024/03/06/3
http://www.openwall.com/lists/oss-security/2024/04/17/8
https://access.redhat.com/security/cve/cve-2023-48795	Third Party Advisory
https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/	Press/Media Coverage
https://bugs.gentoo.org/920280	Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=2254210	Issue Tracking
https://bugzilla.suse.com/show_bug.cgi?id=1217950	Issue Tracking
https://crates.io/crates/thrussh/versions	Release Notes
https://filezilla-project.org/versions.php	Release Notes
https://forum.netgate.com/topic/184941/terrapin-ssh-attack	Issue Tracking
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6	Patch
https://github.com/NixOS/nixpkgs/pull/275249	Release Notes
https://github.com/PowerShell/Win32-OpenSSH/issues/2189	Issue Tracking
https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta	Release Notes
https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0	Patch
https://github.com/TeraTermProject/teraterm/releases/tag/v5.1	Release Notes
https://github.com/advisories/GHSA-45x7-px36-x8w8	Third Party Advisory
https://github.com/apache/mina-sshd/issues/445	Issue Tracking
https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab	Patch
https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22	Third Party Advisory
https://github.com/cyd01/KiTTY/issues/520	Issue Tracking
https://github.com/drakkan/sftpgo/releases/tag/v2.5.6	Release Notes
https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42	Patch
https://github.com/erlang/otp/releases/tag/OTP-26.2.1	Release Notes
https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d	Patch
https://github.com/hierynomus/sshj/issues/916	Issue Tracking
https://github.com/janmojzis/tinyssh/issues/81	Issue Tracking
https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5	Patch
https://github.com/libssh2/libssh2/pull/1291	Mitigation
https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25	Patch
https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3	Patch
https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15	Product
https://github.com/mwiede/jsch/issues/457	Issue Tracking
https://github.com/mwiede/jsch/pull/461	Release Notes
https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16	Patch
https://github.com/openssh/openssh-portable/commits/master	Patch
https://github.com/paramiko/paramiko/issues/2337	Issue Tracking
https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES	Release Notes
https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES	Release Notes
https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES	Release Notes
https://github.com/proftpd/proftpd/issues/456	Issue Tracking
https://github.com/rapier1/hpn-ssh/releases	Release Notes
https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst	Release Notes
https://github.com/ronf/asyncssh/tags	Release Notes
https://github.com/ssh-mitm/ssh-mitm/issues/165	Issue Tracking
https://github.com/warp-tech/russh/releases/tag/v0.40.2	Release Notes
https://gitlab.com/libssh/libssh-mirror/-/tags	Release Notes
https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ	Mailing List
https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg	Mailing List
https://help.panic.com/releasenotes/transmit5/	Release Notes
https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/	Press/Media Coverage
https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html	Mailing List
https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/	Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/	Mailing List Third Party Advisory
https://matt.ucc.asn.au/dropbear/CHANGES	Release Notes
https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC	Patch
https://news.ycombinator.com/item?id=38684904	Issue Tracking
https://news.ycombinator.com/item?id=38685286	Issue Tracking
https://news.ycombinator.com/item?id=38732005	Issue Tracking
https://nova.app/releases/#v11.8	Release Notes
https://oryx-embedded.com/download/#changelog	Release Notes
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002	Third Party Advisory
https://roumenpetrov.info/secsh/#news20231220	Release Notes
https://security-tracker.debian.org/tracker/CVE-2023-48795	Vendor Advisory
https://security-tracker.debian.org/tracker/source-package/libssh2	Vendor Advisory
https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg	Vendor Advisory
https://security-tracker.debian.org/tracker/source-package/trilead-ssh2	Issue Tracking
https://security.gentoo.org/glsa/202312-16	Third Party Advisory
https://security.gentoo.org/glsa/202312-17	Third Party Advisory
https://security.netapp.com/advisory/ntap-20240105-0004/	Third Party Advisory
https://support.apple.com/kb/HT214084	Third Party Advisory
https://thorntech.com/cve-2023-48795-and-sftp-gateway/	Third Party Advisory
https://twitter.com/TrueSkrillor/status/1736774389725565005	Press/Media Coverage
https://ubuntu.com/security/CVE-2023-48795	Vendor Advisory
https://winscp.net/eng/docs/history#6.2.2	Release Notes
https://www.bitvise.com/ssh-client-version-history#933	Release Notes
https://www.bitvise.com/ssh-server-version-history	Release Notes
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html	Release Notes
https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update	Release Notes
https://www.debian.org/security/2023/dsa-5586	Issue Tracking
https://www.debian.org/security/2023/dsa-5588	Issue Tracking
https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc	Release Notes
https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508	Vendor Advisory
https://www.netsarang.com/en/xshell-update-history/	Release Notes
https://www.openssh.com/openbsd.html	Release Notes
https://www.openssh.com/txt/release-9.6	Release Notes
https://www.openwall.com/lists/oss-security/2023/12/18/2	Mailing List
https://www.openwall.com/lists/oss-security/2023/12/20/3	Mailing List Mitigation
https://www.paramiko.org/changelog.html	Release Notes
https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/	Issue Tracking
https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/	Press/Media Coverage
https://www.terrapin-attack.com	Exploit
https://www.theregister.com/2023/12/20/terrapin_attack_ssh	Press/Media Coverage
https://www.vandyke.com/products/securecrt/history.txt	Release Notes

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

butterfly026/Terrapin

None

Dockerfile Python Shell

Updated: 2 months ago

0 stars 0 fork 0 watcher

Born at : Sept. 23, 2024, 11:54 p.m. This repo has been linked 3 different CVEs too.

alvarigno22/NodeClimb-DockerLab

DockerLab - Machine

Updated: 2 months, 4 weeks ago

0 stars 0 fork 0 watcher

Born at : Aug. 24, 2024, 5:09 p.m. This repo has been linked 6 different CVEs too.

alvarigno22/ChocolateFire-DockerLab

DockerLab - Machine

Updated: 3 months ago

0 stars 0 fork 0 watcher

Born at : Aug. 19, 2024, 3:29 p.m. This repo has been linked 9 different CVEs too.

alvarigno/ChocolateFire-DockerLab

Máquina DockerLab

Updated: 3 months ago

0 stars 0 fork 0 watcher

Born at : Aug. 18, 2024, 1:13 a.m. This repo has been linked 9 different CVEs too.

pavankumar143-coder/Penetration-Testing-Checklist

A Penetration Testing Checklist for web ensures comprehensive security by systematically identifying and addressing potential vulnerabilities. It covers key areas like authentication, session management, input validation, access controls, and data encryption, enhancing overall web application security.

Updated: 4 months, 1 week ago

2 stars 0 fork 0 watcher

Born at : July 8, 2024, 6:41 p.m. This repo has been linked 1 different CVEs too.

h4ckm1n-dev/report-test

None

Updated: 3 months ago

0 stars 0 fork 0 watcher

Born at : July 5, 2024, 2:18 p.m. This repo has been linked 40 different CVEs too.

dpakmrya/Web-Hunting-methodology

None

Updated: 5 months ago

0 stars 0 fork 0 watcher

Born at : June 8, 2024, 7:03 a.m. This repo has been linked 1 different CVEs too.

InfoSecExplorer/Vulnerability-Checklist

None

HTML Python

Updated: 2 months, 3 weeks ago

6 stars 0 fork 0 watcher

Born at : June 3, 2024, 7:15 a.m. This repo has been linked 1 different CVEs too.

testing-felickz/docker-scout-demo

None

Dockerfile Go

Updated: 5 months, 3 weeks ago

0 stars 0 fork 0 watcher

Born at : May 29, 2024, 6:54 p.m. This repo has been linked 78 different CVEs too.

SecDev0ps/SSH-Terrapin-Attack

None

Python

Updated: 4 months, 3 weeks ago

1 stars 0 fork 0 watcher

Born at : April 4, 2024, 11:43 a.m. This repo has been linked 1 different CVEs too.

nics-tw/sbom2vans

SBOM2VANS工具，此工具協助轉換 SBOM 文件符合 VANS 格式，呼叫 OSV API 查詢資料庫確認組件是否有已知的安全漏洞，並使用 NVD API 查詢已知漏洞對應 CPE 格式，若無 CVE 或 CPE 格式元件則會以 package-url 格式儲存，最後將 SBOM 內套件轉轉換符合 VANS 格式欄位進行上傳。本專案於 GitHub 以開源專案釋出。有任何數位韌性相關問題，歡迎來電至國家資通安全研究院前瞻中心架構設計組 02-6631-1881 詢問!

digital-resilience resilience sbom vans

Updated: 4 months, 1 week ago

1 stars 0 fork 0 watcher

Born at : March 26, 2024, 3:20 a.m. This repo has been linked 10 different CVEs too.

TarikVUT/secure-fedora38

Secure Fedora 38

Shell

Updated: 6 months, 3 weeks ago

0 stars 0 fork 0 watcher

Born at : March 11, 2024, 9:09 p.m. This repo has been linked 2 different CVEs too.

JuliusBairaktaris/Harden-Windows-SSH

Harden the OpenSSH implementation in Windows 10/11 with the help of methods from Positron Security

1st-party-security encryption enterprise-security harden operation-system-security ssh ssh-client ssh-server windows windows11

PowerShell

Updated: 2 months, 2 weeks ago

7 stars 0 fork 0 watcher

Born at : March 2, 2024, 7:56 p.m. This repo has been linked 1 different CVEs too.

GitHubForSnap/openssh-server-gael

None

Updated: 4 months, 3 weeks ago

0 stars 0 fork 0 watcher

Born at : Oct. 22, 2023, 9:46 a.m. This repo has been linked 5 different CVEs too.

RUB-NDS/Terrapin-Artifacts

This repository contains the artifacts for the paper "Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation".

attack cryptography ssh vulnerability artifacts terrapin cve-2023-46445 cve-2023-46446 cve-2023-48795 poc

Python Dockerfile Shell

Updated: 3 months ago

58 stars 7 fork 7 watcher

Born at : Oct. 16, 2023, 7:59 p.m. This repo has been linked 3 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2023-48795 vulnerability anywhere in the article.

The Hacker News

EPSS vs. CVSS: What’s the Best Approach to Vulnerability Prioritization?

Many businesses rely on the Common Vulnerability Scoring System (CVSS) to assess the severity of vulnerabilities for prioritization. While these scores provide some insight into the potential impact o ...

Published Date: Sep 26, 2024 (1 month, 4 weeks ago)

CVE-2023-48795

The following table lists the changes that have been made to the CVE-2023-48795 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

Action	Type	Old Value	New Value
Changed	Reference Type	http://seclists.org/fulldisclosure/2024/Mar/21 No Types Assigned	http://seclists.org/fulldisclosure/2024/Mar/21 Mailing List, Third Party Advisory
Changed	Reference Type	https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html No Types Assigned	https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html Mailing List, Third Party Advisory
Changed	Reference Type	https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html No Types Assigned	https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html Mailing List, Third Party Advisory
Changed	Reference Type	https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html No Types Assigned	https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html Mailing List, Third Party Advisory
Changed	Reference Type	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/ No Types Assigned	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/ Mailing List, Third Party Advisory
Changed	Reference Type	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/ No Types Assigned	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/ Mailing List, Third Party Advisory
Changed	Reference Type	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/ No Types Assigned	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/ Mailing List, Third Party Advisory
Changed	Reference Type	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/ No Types Assigned	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/ Mailing List, Third Party Advisory
Changed	Reference Type	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/ No Types Assigned	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/ Mailing List, Third Party Advisory
Changed	Reference Type	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/ No Types Assigned	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/ Mailing List, Third Party Advisory
Changed	Reference Type	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/ No Types Assigned	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/ Mailing List, Third Party Advisory
Changed	Reference Type	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/ No Types Assigned	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/ Mailing List, Third Party Advisory
Changed	Reference Type	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ No Types Assigned	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ Mailing List, Third Party Advisory
Changed	Reference Type	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/ No Types Assigned	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/ Mailing List, Third Party Advisory
Changed	Reference Type	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/ No Types Assigned	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/ Mailing List, Third Party Advisory
Changed	Reference Type	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/ No Types Assigned	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/ Mailing List, Third Party Advisory
Changed	Reference Type	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ No Types Assigned	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ Mailing List, Third Party Advisory
Changed	Reference Type	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/ No Types Assigned	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/ Mailing List, Third Party Advisory
Changed	Reference Type	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/ No Types Assigned	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/ Mailing List, Third Party Advisory
Changed	Reference Type	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/ No Types Assigned	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/ Mailing List, Third Party Advisory
Changed	Reference Type	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/ No Types Assigned	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/ Mailing List, Third Party Advisory
Changed	Reference Type	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002 No Types Assigned	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002 Third Party Advisory
Changed	Reference Type	https://security.netapp.com/advisory/ntap-20240105-0004/ No Types Assigned	https://security.netapp.com/advisory/ntap-20240105-0004/ Third Party Advisory
Changed	Reference Type	https://support.apple.com/kb/HT214084 No Types Assigned	https://support.apple.com/kb/HT214084 Third Party Advisory
Changed	CPE Configuration	OR cpe:2.3:a:kitty_project:kitty::::::::* versions up to (including) 0.76.1.13	OR cpe:2.3:a:9bis:kitty::::::::* versions up to (including) 0.76.1.13
Added	CPE Configuration		OR cpe:2.3:o:fedoraproject:fedora:38::::::: cpe:2.3:o:fedoraproject:fedora:39:::::::
Added	CPE Configuration		OR cpe:2.3:o:debian:debian_linux:10.0:::::::
Added	CPE Configuration		OR cpe:2.3:o:apple:macos::::::::* versions from (including) 14.0 up to (excluding) 14.4

Action	Type	Old Value	New Value
Added	Reference		MITRE https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html [No types assigned]
Added	Reference		MITRE https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html [No types assigned]

Action	Type	New Value
Added	Reference	MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ [No types assigned]
Added	Reference	MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/ [No types assigned]
Added	Reference	MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ [No types assigned]
Added	Reference	MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/ [No types assigned]

Action	Type	Old Value	New Value
Added	Reference		MITRE https://security.gentoo.org/glsa/202312-16 [No types assigned]
Added	Reference		MITRE https://security.gentoo.org/glsa/202312-17 [No types assigned]

Action	Type	Old Value	New Value
Added	Reference		MITRE https://github.com/ssh-mitm/ssh-mitm/issues/165 [No types assigned]
Added	Reference		MITRE https://news.ycombinator.com/item?id=38732005 [No types assigned]

Action	Type	New Value
Added	Reference	MITRE https://github.com/erlang/otp/releases/tag/OTP-26.2.1 [No types assigned]
Added	Reference	MITRE https://github.com/advisories/GHSA-45x7-px36-x8w8 [No types assigned]
Added	Reference	MITRE https://security-tracker.debian.org/tracker/source-package/libssh2 [No types assigned]
Added	Reference	MITRE https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg [No types assigned]
Added	Reference	MITRE https://security-tracker.debian.org/tracker/CVE-2023-48795 [No types assigned]
Added	Reference	MITRE https://bugzilla.suse.com/show_bug.cgi?id=1217950 [No types assigned]
Added	Reference	MITRE https://bugzilla.redhat.com/show_bug.cgi?id=2254210 [No types assigned]
Added	Reference	MITRE https://bugs.gentoo.org/920280 [No types assigned]
Added	Reference	MITRE https://ubuntu.com/security/CVE-2023-48795 [No types assigned]
Added	Reference	MITRE https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/ [No types assigned]
Added	Reference	MITRE https://access.redhat.com/security/cve/cve-2023-48795 [No types assigned]
Added	Reference	MITRE https://github.com/mwiede/jsch/pull/461 [No types assigned]
Added	Reference	MITRE https://github.com/drakkan/sftpgo/releases/tag/v2.5.6 [No types assigned]

CVE-2023-48795

OpenSSH Terrapin Subversion

Description

INFO

Dec. 18, 2023, 4:15 p.m.

May 1, 2024, 6:15 p.m.

Yes !

3.6

2.2

Public PoC/Exploit Available at Github

Affected Products

References to Advisories, Solutions, and Tools

EPSS vs. CVSS: What’s the Best Approach to Vulnerability Prioritization?

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

Modified Analysis by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

Initial Analysis by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Received by [email protected]

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

Exploit Prediction

96.29 }} 0.04%

0.99593

CVSS31 - Vulnerability Scoring System

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default