CVE-2023-48795
OpenSSH Terrapin Subversion
Description
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in [email protected] and (if CBC is used) the [email protected] MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.
INFO
Published Date :
Dec. 18, 2023, 4:15 p.m.
Last Modified :
Dec. 2, 2024, 2:54 p.m.
Source :
[email protected]
Remotely Exploitable :
Yes !
Impact Score :
3.6
Exploitability Score :
2.2
Public PoC/Exploit Available at Github
CVE-2023-48795 has a 23 public PoC/Exploit
available at Github.
Go to the Public Exploits
tab to see the list.
Affected Products
The following products are affected by CVE-2023-48795
vulnerability.
Even if cvefeed.io
is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2023-48795
.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
cnPuTTY0.80.0.1PuTTY0.80中文版本简介
OpenSSH Vulnerabilities list
cve openssh vulnerabilities
None
Python HTML
None
Dockerfile Python Shell
DockerLab - Machine
DockerLab - Machine
Máquina DockerLab
A Penetration Testing Checklist for web ensures comprehensive security by systematically identifying and addressing potential vulnerabilities. It covers key areas like authentication, session management, input validation, access controls, and data encryption, enhancing overall web application security.
None
None
None
HTML Python
None
Dockerfile Go
None
Python
Secure Fedora 38
Shell
Harden the OpenSSH implementation in Windows 10/11 with the help of methods from Positron Security
1st-party-security encryption enterprise-security harden operation-system-security ssh ssh-client ssh-server windows windows11
PowerShell
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2023-48795
vulnerability anywhere in the article.
- The Hacker News
EPSS vs. CVSS: What’s the Best Approach to Vulnerability Prioritization?
Many businesses rely on the Common Vulnerability Scoring System (CVSS) to assess the severity of vulnerabilities for prioritization. While these scores provide some insight into the potential impact o ... Read more
The following table lists the changes that have been made to the
CVE-2023-48795
vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Modified Analysis by [email protected]
Dec. 02, 2024
Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:* versions up to (excluding) 1.11.10 OR *cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:* versions up to (excluding) 1.11.1 Changed Reference Type http://www.openwall.com/lists/oss-security/2024/03/06/3 No Types Assigned http://www.openwall.com/lists/oss-security/2024/03/06/3 Mailing List Changed Reference Type http://www.openwall.com/lists/oss-security/2024/03/06/3 No Types Assigned http://www.openwall.com/lists/oss-security/2024/03/06/3 Mailing List Changed Reference Type http://www.openwall.com/lists/oss-security/2024/04/17/8 No Types Assigned http://www.openwall.com/lists/oss-security/2024/04/17/8 Mailing List Changed Reference Type http://www.openwall.com/lists/oss-security/2024/04/17/8 No Types Assigned http://www.openwall.com/lists/oss-security/2024/04/17/8 Mailing List -
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Nov. 21, 2024
Action Type Old Value New Value Added Reference http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html Added Reference http://seclists.org/fulldisclosure/2024/Mar/21 Added Reference http://www.openwall.com/lists/oss-security/2023/12/18/3 Added Reference http://www.openwall.com/lists/oss-security/2023/12/19/5 Added Reference http://www.openwall.com/lists/oss-security/2023/12/20/3 Added Reference http://www.openwall.com/lists/oss-security/2024/03/06/3 Added Reference http://www.openwall.com/lists/oss-security/2024/04/17/8 Added Reference https://access.redhat.com/security/cve/cve-2023-48795 Added Reference https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/ Added Reference https://bugs.gentoo.org/920280 Added Reference https://bugzilla.redhat.com/show_bug.cgi?id=2254210 Added Reference https://bugzilla.suse.com/show_bug.cgi?id=1217950 Added Reference https://crates.io/crates/thrussh/versions Added Reference https://filezilla-project.org/versions.php Added Reference https://forum.netgate.com/topic/184941/terrapin-ssh-attack Added Reference https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6 Added Reference https://github.com/advisories/GHSA-45x7-px36-x8w8 Added Reference https://github.com/apache/mina-sshd/issues/445 Added Reference https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab Added Reference https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22 Added Reference https://github.com/cyd01/KiTTY/issues/520 Added Reference https://github.com/drakkan/sftpgo/releases/tag/v2.5.6 Added Reference https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42 Added Reference https://github.com/erlang/otp/releases/tag/OTP-26.2.1 Added Reference https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d Added Reference https://github.com/hierynomus/sshj/issues/916 Added Reference https://github.com/janmojzis/tinyssh/issues/81 Added Reference https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5 Added Reference https://github.com/libssh2/libssh2/pull/1291 Added Reference https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25 Added Reference https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3 Added Reference https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15 Added Reference https://github.com/mwiede/jsch/issues/457 Added Reference https://github.com/mwiede/jsch/pull/461 Added Reference https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16 Added Reference https://github.com/NixOS/nixpkgs/pull/275249 Added Reference https://github.com/openssh/openssh-portable/commits/master Added Reference https://github.com/paramiko/paramiko/issues/2337 Added Reference https://github.com/PowerShell/Win32-OpenSSH/issues/2189 Added Reference https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta Added Reference https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES Added Reference https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES Added Reference https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES Added Reference https://github.com/proftpd/proftpd/issues/456 Added Reference https://github.com/rapier1/hpn-ssh/releases Added Reference https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst Added Reference https://github.com/ronf/asyncssh/tags Added Reference https://github.com/ssh-mitm/ssh-mitm/issues/165 Added Reference https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0 Added Reference https://github.com/TeraTermProject/teraterm/releases/tag/v5.1 Added Reference https://github.com/warp-tech/russh/releases/tag/v0.40.2 Added Reference https://gitlab.com/libssh/libssh-mirror/-/tags Added Reference https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ Added Reference https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg Added Reference https://help.panic.com/releasenotes/transmit5/ Added Reference https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/ Added Reference https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html Added Reference https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html Added Reference https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html Added Reference https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/ Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/ Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/ Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/ Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/ Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/ Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/ Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/ Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/ Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/ Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/ Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/ Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/ Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/ Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/ Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/ Added Reference https://matt.ucc.asn.au/dropbear/CHANGES Added Reference https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC Added Reference https://news.ycombinator.com/item?id=38684904 Added Reference https://news.ycombinator.com/item?id=38685286 Added Reference https://news.ycombinator.com/item?id=38732005 Added Reference https://nova.app/releases/#v11.8 Added Reference https://oryx-embedded.com/download/#changelog Added Reference https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002 Added Reference https://roumenpetrov.info/secsh/#news20231220 Added Reference https://security.gentoo.org/glsa/202312-16 Added Reference https://security.gentoo.org/glsa/202312-17 Added Reference https://security.netapp.com/advisory/ntap-20240105-0004/ Added Reference https://security-tracker.debian.org/tracker/CVE-2023-48795 Added Reference https://security-tracker.debian.org/tracker/source-package/libssh2 Added Reference https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg Added Reference https://security-tracker.debian.org/tracker/source-package/trilead-ssh2 Added Reference https://support.apple.com/kb/HT214084 Added Reference https://thorntech.com/cve-2023-48795-and-sftp-gateway/ Added Reference https://twitter.com/TrueSkrillor/status/1736774389725565005 Added Reference https://ubuntu.com/security/CVE-2023-48795 Added Reference https://winscp.net/eng/docs/history#6.2.2 Added Reference https://www.bitvise.com/ssh-client-version-history#933 Added Reference https://www.bitvise.com/ssh-server-version-history Added Reference https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html Added Reference https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update Added Reference https://www.debian.org/security/2023/dsa-5586 Added Reference https://www.debian.org/security/2023/dsa-5588 Added Reference https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc Added Reference https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508 Added Reference https://www.netsarang.com/en/xshell-update-history/ Added Reference https://www.openssh.com/openbsd.html Added Reference https://www.openssh.com/txt/release-9.6 Added Reference https://www.openwall.com/lists/oss-security/2023/12/18/2 Added Reference https://www.openwall.com/lists/oss-security/2023/12/20/3 Added Reference https://www.paramiko.org/changelog.html Added Reference https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/ Added Reference https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/ Added Reference https://www.terrapin-attack.com Added Reference https://www.theregister.com/2023/12/20/terrapin_attack_ssh Added Reference https://www.vandyke.com/products/securecrt/history.txt -
CVE Modified by [email protected]
May. 14, 2024
Action Type Old Value New Value -
CVE Modified by [email protected]
May. 01, 2024
Action Type Old Value New Value Added Reference MITRE http://www.openwall.com/lists/oss-security/2024/03/06/3 [No types assigned] -
CVE Modified by [email protected]
May. 01, 2024
Action Type Old Value New Value Added Reference MITRE http://www.openwall.com/lists/oss-security/2024/04/17/8 [No types assigned] -
Modified Analysis by [email protected]
Apr. 29, 2024
Action Type Old Value New Value Changed Reference Type http://seclists.org/fulldisclosure/2024/Mar/21 No Types Assigned http://seclists.org/fulldisclosure/2024/Mar/21 Mailing List, Third Party Advisory Changed Reference Type https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html No Types Assigned https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html Mailing List, Third Party Advisory Changed Reference Type https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html No Types Assigned https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html Mailing List, Third Party Advisory Changed Reference Type https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html No Types Assigned https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html Mailing List, Third Party Advisory Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/ Mailing List, Third Party Advisory Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/ Mailing List, Third Party Advisory Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/ Mailing List, Third Party Advisory Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/ Mailing List, Third Party Advisory Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/ Mailing List, Third Party Advisory Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/ Mailing List, Third Party Advisory Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/ Mailing List, Third Party Advisory Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/ Mailing List, Third Party Advisory Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ Mailing List, Third Party Advisory Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/ Mailing List, Third Party Advisory Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/ Mailing List, Third Party Advisory Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/ Mailing List, Third Party Advisory Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ Mailing List, Third Party Advisory Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/ Mailing List, Third Party Advisory Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/ Mailing List, Third Party Advisory Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/ Mailing List, Third Party Advisory Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/ Mailing List, Third Party Advisory Changed Reference Type https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002 No Types Assigned https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002 Third Party Advisory Changed Reference Type https://security.netapp.com/advisory/ntap-20240105-0004/ No Types Assigned https://security.netapp.com/advisory/ntap-20240105-0004/ Third Party Advisory Changed Reference Type https://support.apple.com/kb/HT214084 No Types Assigned https://support.apple.com/kb/HT214084 Third Party Advisory Changed CPE Configuration OR *cpe:2.3:a:kitty_project:kitty:*:*:*:*:*:*:*:* versions up to (including) 0.76.1.13 OR *cpe:2.3:a:9bis:kitty:*:*:*:*:*:*:*:* versions up to (including) 0.76.1.13 Added CPE Configuration OR *cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* *cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* Added CPE Configuration OR *cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* Added CPE Configuration OR *cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* versions from (including) 14.0 up to (excluding) 14.4 -
CVE Modified by [email protected]
Apr. 25, 2024
Action Type Old Value New Value Added Reference MITRE https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html [No types assigned] -
CVE Modified by [email protected]
Mar. 13, 2024
Action Type Old Value New Value Added Reference MITRE http://seclists.org/fulldisclosure/2024/Mar/21 [No types assigned] -
CVE Modified by [email protected]
Mar. 07, 2024
Action Type Old Value New Value Added Reference MITRE https://support.apple.com/kb/HT214084 [No types assigned] -
CVE Modified by [email protected]
Jan. 29, 2024
Action Type Old Value New Value Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/ [No types assigned] -
CVE Modified by [email protected]
Jan. 29, 2024
Action Type Old Value New Value Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/ [No types assigned] -
CVE Modified by [email protected]
Jan. 25, 2024
Action Type Old Value New Value Added Reference MITRE https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html [No types assigned] Added Reference MITRE https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html [No types assigned] -
CVE Modified by [email protected]
Jan. 19, 2024
Action Type Old Value New Value Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/ [No types assigned] -
CVE Modified by [email protected]
Jan. 18, 2024
Action Type Old Value New Value Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ [No types assigned] Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/ [No types assigned] Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ [No types assigned] Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/ [No types assigned] -
CVE Modified by [email protected]
Jan. 15, 2024
Action Type Old Value New Value Added Reference MITRE https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002 [No types assigned] -
CVE Modified by [email protected]
Jan. 11, 2024
Action Type Old Value New Value Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/ [No types assigned] Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/ [No types assigned] -
CVE Modified by [email protected]
Jan. 11, 2024
Action Type Old Value New Value Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/ [No types assigned] -
CVE Modified by [email protected]
Jan. 10, 2024
Action Type Old Value New Value Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/ [No types assigned] -
CVE Modified by [email protected]
Jan. 09, 2024
Action Type Old Value New Value Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/ [No types assigned] -
CVE Modified by [email protected]
Jan. 05, 2024
Action Type Old Value New Value Added Reference MITRE https://security.netapp.com/advisory/ntap-20240105-0004/ [No types assigned] -
CVE Modified by [email protected]
Dec. 30, 2023
Action Type Old Value New Value Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/ [No types assigned] Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/ [No types assigned] Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/ [No types assigned] -
CVE Modified by [email protected]
Dec. 29, 2023
Action Type Old Value New Value Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/ [No types assigned] Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/ [No types assigned] -
Initial Analysis by [email protected]
Dec. 28, 2023
Action Type Old Value New Value Added CVSS V3.1 NIST AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Changed Reference Type http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html No Types Assigned http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html Third Party Advisory, VDB Entry Changed Reference Type http://www.openwall.com/lists/oss-security/2023/12/18/3 No Types Assigned http://www.openwall.com/lists/oss-security/2023/12/18/3 Mailing List Changed Reference Type http://www.openwall.com/lists/oss-security/2023/12/19/5 No Types Assigned http://www.openwall.com/lists/oss-security/2023/12/19/5 Mailing List Changed Reference Type http://www.openwall.com/lists/oss-security/2023/12/20/3 No Types Assigned http://www.openwall.com/lists/oss-security/2023/12/20/3 Mailing List, Mitigation Changed Reference Type https://access.redhat.com/security/cve/cve-2023-48795 No Types Assigned https://access.redhat.com/security/cve/cve-2023-48795 Third Party Advisory Changed Reference Type https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/ No Types Assigned https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/ Press/Media Coverage Changed Reference Type https://bugs.gentoo.org/920280 No Types Assigned https://bugs.gentoo.org/920280 Issue Tracking Changed Reference Type https://bugzilla.redhat.com/show_bug.cgi?id=2254210 No Types Assigned https://bugzilla.redhat.com/show_bug.cgi?id=2254210 Issue Tracking Changed Reference Type https://bugzilla.suse.com/show_bug.cgi?id=1217950 No Types Assigned https://bugzilla.suse.com/show_bug.cgi?id=1217950 Issue Tracking Changed Reference Type https://crates.io/crates/thrussh/versions No Types Assigned https://crates.io/crates/thrussh/versions Release Notes Changed Reference Type https://filezilla-project.org/versions.php No Types Assigned https://filezilla-project.org/versions.php Release Notes Changed Reference Type https://forum.netgate.com/topic/184941/terrapin-ssh-attack No Types Assigned https://forum.netgate.com/topic/184941/terrapin-ssh-attack Issue Tracking Changed Reference Type https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6 No Types Assigned https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6 Patch Changed Reference Type https://github.com/advisories/GHSA-45x7-px36-x8w8 No Types Assigned https://github.com/advisories/GHSA-45x7-px36-x8w8 Third Party Advisory Changed Reference Type https://github.com/apache/mina-sshd/issues/445 No Types Assigned https://github.com/apache/mina-sshd/issues/445 Issue Tracking Changed Reference Type https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab No Types Assigned https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab Patch Changed Reference Type https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22 No Types Assigned https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22 Third Party Advisory Changed Reference Type https://github.com/cyd01/KiTTY/issues/520 No Types Assigned https://github.com/cyd01/KiTTY/issues/520 Issue Tracking Changed Reference Type https://github.com/drakkan/sftpgo/releases/tag/v2.5.6 No Types Assigned https://github.com/drakkan/sftpgo/releases/tag/v2.5.6 Release Notes Changed Reference Type https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42 No Types Assigned https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42 Patch Changed Reference Type https://github.com/erlang/otp/releases/tag/OTP-26.2.1 No Types Assigned https://github.com/erlang/otp/releases/tag/OTP-26.2.1 Release Notes Changed Reference Type https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d No Types Assigned https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d Patch Changed Reference Type https://github.com/hierynomus/sshj/issues/916 No Types Assigned https://github.com/hierynomus/sshj/issues/916 Issue Tracking Changed Reference Type https://github.com/janmojzis/tinyssh/issues/81 No Types Assigned https://github.com/janmojzis/tinyssh/issues/81 Issue Tracking Changed Reference Type https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5 No Types Assigned https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5 Patch Changed Reference Type https://github.com/libssh2/libssh2/pull/1291 No Types Assigned https://github.com/libssh2/libssh2/pull/1291 Mitigation Changed Reference Type https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25 No Types Assigned https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25 Patch Changed Reference Type https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3 No Types Assigned https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3 Patch Changed Reference Type https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15 No Types Assigned https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15 Product Changed Reference Type https://github.com/mwiede/jsch/issues/457 No Types Assigned https://github.com/mwiede/jsch/issues/457 Issue Tracking Changed Reference Type https://github.com/mwiede/jsch/pull/461 No Types Assigned https://github.com/mwiede/jsch/pull/461 Release Notes Changed Reference Type https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16 No Types Assigned https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16 Patch Changed Reference Type https://github.com/NixOS/nixpkgs/pull/275249 No Types Assigned https://github.com/NixOS/nixpkgs/pull/275249 Release Notes Changed Reference Type https://github.com/openssh/openssh-portable/commits/master No Types Assigned https://github.com/openssh/openssh-portable/commits/master Patch Changed Reference Type https://github.com/paramiko/paramiko/issues/2337 No Types Assigned https://github.com/paramiko/paramiko/issues/2337 Issue Tracking Changed Reference Type https://github.com/PowerShell/Win32-OpenSSH/issues/2189 No Types Assigned https://github.com/PowerShell/Win32-OpenSSH/issues/2189 Issue Tracking Changed Reference Type https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta No Types Assigned https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta Release Notes Changed Reference Type https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES No Types Assigned https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES Release Notes Changed Reference Type https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES No Types Assigned https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES Release Notes Changed Reference Type https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES No Types Assigned https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES Release Notes Changed Reference Type https://github.com/proftpd/proftpd/issues/456 No Types Assigned https://github.com/proftpd/proftpd/issues/456 Issue Tracking Changed Reference Type https://github.com/rapier1/hpn-ssh/releases No Types Assigned https://github.com/rapier1/hpn-ssh/releases Release Notes Changed Reference Type https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst No Types Assigned https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst Release Notes Changed Reference Type https://github.com/ronf/asyncssh/tags No Types Assigned https://github.com/ronf/asyncssh/tags Release Notes Changed Reference Type https://github.com/ssh-mitm/ssh-mitm/issues/165 No Types Assigned https://github.com/ssh-mitm/ssh-mitm/issues/165 Issue Tracking Changed Reference Type https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0 No Types Assigned https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0 Patch Changed Reference Type https://github.com/TeraTermProject/teraterm/releases/tag/v5.1 No Types Assigned https://github.com/TeraTermProject/teraterm/releases/tag/v5.1 Release Notes Changed Reference Type https://github.com/warp-tech/russh/releases/tag/v0.40.2 No Types Assigned https://github.com/warp-tech/russh/releases/tag/v0.40.2 Release Notes Changed Reference Type https://gitlab.com/libssh/libssh-mirror/-/tags No Types Assigned https://gitlab.com/libssh/libssh-mirror/-/tags Release Notes Changed Reference Type https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ No Types Assigned https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ Mailing List Changed Reference Type https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg No Types Assigned https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg Mailing List Changed Reference Type https://help.panic.com/releasenotes/transmit5/ No Types Assigned https://help.panic.com/releasenotes/transmit5/ Release Notes Changed Reference Type https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/ No Types Assigned https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/ Press/Media Coverage Changed Reference Type https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html No Types Assigned https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html Mailing List Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/ Vendor Advisory Changed Reference Type https://matt.ucc.asn.au/dropbear/CHANGES No Types Assigned https://matt.ucc.asn.au/dropbear/CHANGES Release Notes Changed Reference Type https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC No Types Assigned https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC Patch Changed Reference Type https://news.ycombinator.com/item?id=38684904 No Types Assigned https://news.ycombinator.com/item?id=38684904 Issue Tracking Changed Reference Type https://news.ycombinator.com/item?id=38685286 No Types Assigned https://news.ycombinator.com/item?id=38685286 Issue Tracking Changed Reference Type https://news.ycombinator.com/item?id=38732005 No Types Assigned https://news.ycombinator.com/item?id=38732005 Issue Tracking Changed Reference Type https://nova.app/releases/#v11.8 No Types Assigned https://nova.app/releases/#v11.8 Release Notes Changed Reference Type https://oryx-embedded.com/download/#changelog No Types Assigned https://oryx-embedded.com/download/#changelog Release Notes Changed Reference Type https://roumenpetrov.info/secsh/#news20231220 No Types Assigned https://roumenpetrov.info/secsh/#news20231220 Release Notes Changed Reference Type https://security.gentoo.org/glsa/202312-16 No Types Assigned https://security.gentoo.org/glsa/202312-16 Third Party Advisory Changed Reference Type https://security.gentoo.org/glsa/202312-17 No Types Assigned https://security.gentoo.org/glsa/202312-17 Third Party Advisory Changed Reference Type https://security-tracker.debian.org/tracker/CVE-2023-48795 No Types Assigned https://security-tracker.debian.org/tracker/CVE-2023-48795 Vendor Advisory Changed Reference Type https://security-tracker.debian.org/tracker/source-package/libssh2 No Types Assigned https://security-tracker.debian.org/tracker/source-package/libssh2 Vendor Advisory Changed Reference Type https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg No Types Assigned https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg Vendor Advisory Changed Reference Type https://security-tracker.debian.org/tracker/source-package/trilead-ssh2 No Types Assigned https://security-tracker.debian.org/tracker/source-package/trilead-ssh2 Issue Tracking Changed Reference Type https://thorntech.com/cve-2023-48795-and-sftp-gateway/ No Types Assigned https://thorntech.com/cve-2023-48795-and-sftp-gateway/ Third Party Advisory Changed Reference Type https://twitter.com/TrueSkrillor/status/1736774389725565005 No Types Assigned https://twitter.com/TrueSkrillor/status/1736774389725565005 Press/Media Coverage Changed Reference Type https://ubuntu.com/security/CVE-2023-48795 No Types Assigned https://ubuntu.com/security/CVE-2023-48795 Vendor Advisory Changed Reference Type https://winscp.net/eng/docs/history#6.2.2 No Types Assigned https://winscp.net/eng/docs/history#6.2.2 Release Notes Changed Reference Type https://www.bitvise.com/ssh-client-version-history#933 No Types Assigned https://www.bitvise.com/ssh-client-version-history#933 Release Notes Changed Reference Type https://www.bitvise.com/ssh-server-version-history No Types Assigned https://www.bitvise.com/ssh-server-version-history Release Notes Changed Reference Type https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html No Types Assigned https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html Release Notes Changed Reference Type https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update No Types Assigned https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update Release Notes Changed Reference Type https://www.debian.org/security/2023/dsa-5586 No Types Assigned https://www.debian.org/security/2023/dsa-5586 Issue Tracking Changed Reference Type https://www.debian.org/security/2023/dsa-5588 No Types Assigned https://www.debian.org/security/2023/dsa-5588 Issue Tracking Changed Reference Type https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc No Types Assigned https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc Release Notes Changed Reference Type https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508 No Types Assigned https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508 Vendor Advisory Changed Reference Type https://www.netsarang.com/en/xshell-update-history/ No Types Assigned https://www.netsarang.com/en/xshell-update-history/ Release Notes Changed Reference Type https://www.openssh.com/openbsd.html No Types Assigned https://www.openssh.com/openbsd.html Release Notes Changed Reference Type https://www.openssh.com/txt/release-9.6 No Types Assigned https://www.openssh.com/txt/release-9.6 Release Notes Changed Reference Type https://www.openwall.com/lists/oss-security/2023/12/18/2 No Types Assigned https://www.openwall.com/lists/oss-security/2023/12/18/2 Mailing List Changed Reference Type https://www.openwall.com/lists/oss-security/2023/12/20/3 No Types Assigned https://www.openwall.com/lists/oss-security/2023/12/20/3 Mailing List, Mitigation Changed Reference Type https://www.paramiko.org/changelog.html No Types Assigned https://www.paramiko.org/changelog.html Release Notes Changed Reference Type https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/ No Types Assigned https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/ Issue Tracking Changed Reference Type https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/ No Types Assigned https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/ Press/Media Coverage Changed Reference Type https://www.terrapin-attack.com No Types Assigned https://www.terrapin-attack.com Exploit Changed Reference Type https://www.theregister.com/2023/12/20/terrapin_attack_ssh No Types Assigned https://www.theregister.com/2023/12/20/terrapin_attack_ssh Press/Media Coverage Changed Reference Type https://www.vandyke.com/products/securecrt/history.txt No Types Assigned https://www.vandyke.com/products/securecrt/history.txt Release Notes Added CWE NIST CWE-354 Added CPE Configuration OR *cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:* versions up to (excluding) 9.6 Added CPE Configuration OR *cpe:2.3:a:putty:putty:*:*:*:*:*:*:*:* versions up to (excluding) 0.80 Added CPE Configuration OR *cpe:2.3:a:filezilla-project:filezilla_client:*:*:*:*:*:*:*:* versions up to (excluding) 3.66.4 Added CPE Configuration OR *cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:* versions up to (including) 11.1.0 Added CPE Configuration AND OR *cpe:2.3:a:panic:transmit_5:*:*:*:*:*:*:*:* versions up to (excluding) 5.10.4 OR cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:a:panic:nova:*:*:*:*:*:*:*:* versions up to (excluding) 11.8 OR cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* Added CPE Configuration OR *cpe:2.3:a:roumenpetrov:pkixssh:*:*:*:*:*:*:*:* versions up to (excluding) 14.4 Added CPE Configuration OR *cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:* versions up to (excluding) 6.2.2 Added CPE Configuration OR *cpe:2.3:a:bitvise:ssh_client:*:*:*:*:*:*:*:* versions up to (excluding) 9.33 Added CPE Configuration OR *cpe:2.3:a:bitvise:ssh_server:*:*:*:*:*:*:*:* versions up to (excluding) 9.32 Added CPE Configuration OR *cpe:2.3:o:lancom-systems:lcos:*:*:*:*:*:*:*:* versions up to (including) 3.66.4 Added CPE Configuration OR *cpe:2.3:o:lancom-systems:lcos_fx:-:*:*:*:*:*:*:* Added CPE Configuration OR *cpe:2.3:o:lancom-systems:lcos_lx:-:*:*:*:*:*:*:* Added CPE Configuration OR *cpe:2.3:o:lancom-systems:lcos_sx:4.20:*:*:*:*:*:*:* *cpe:2.3:o:lancom-systems:lcos_sx:5.20:*:*:*:*:*:*:* Added CPE Configuration OR *cpe:2.3:o:lancom-systems:lanconfig:-:*:*:*:*:*:*:* Added CPE Configuration OR *cpe:2.3:a:vandyke:securecrt:*:*:*:*:*:*:*:* versions up to (excluding) 9.4.3 Added CPE Configuration OR *cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:* versions up to (excluding) 0.10.6 Added CPE Configuration OR *cpe:2.3:a:net-ssh:net-ssh:7.2.0:*:*:*:*:ruby:*:* Added CPE Configuration OR *cpe:2.3:a:ssh2_project:ssh2:*:*:*:*:*:node.js:*:* versions up to (including) 1.11.0 Added CPE Configuration OR *cpe:2.3:a:proftpd:proftpd:*:*:*:*:*:*:*:* versions up to (including) 1.3.8b Added CPE Configuration OR *cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:* versions up to (including) 12.4 Added CPE Configuration OR *cpe:2.3:a:crates:thrussh:*:*:*:*:*:*:*:* versions up to (excluding) 0.35.1 Added CPE Configuration OR *cpe:2.3:a:tera_term_project:tera_term:*:*:*:*:*:*:*:* versions up to (including) 5.1 Added CPE Configuration OR *cpe:2.3:a:oryx-embedded:cyclone_ssh:*:*:*:*:*:*:*:* versions up to (excluding) 2.3.4 Added CPE Configuration OR *cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:* versions up to (including) 10.6.0 Added CPE Configuration OR *cpe:2.3:a:netsarang:xshell_7:*:*:*:*:*:*:*:* versions up to (excluding) build__0144 Added CPE Configuration OR *cpe:2.3:a:paramiko:paramiko:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0 Added CPE Configuration OR *cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:* Added CPE Configuration OR *cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:* *cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:* *cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:* Added CPE Configuration OR *cpe:2.3:a:redhat:ceph_storage:6.0:*:*:*:*:*:*:* Added CPE Configuration OR *cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* *cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* Added CPE Configuration OR *cpe:2.3:a:redhat:openshift_serverless:-:*:*:*:*:*:*:* Added CPE Configuration OR *cpe:2.3:a:redhat:openshift_gitops:-:*:*:*:*:*:*:* Added CPE Configuration OR *cpe:2.3:a:redhat:openshift_pipelines:-:*:*:*:*:*:*:* Added CPE Configuration OR *cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:* Added CPE Configuration OR *cpe:2.3:a:redhat:openshift_data_foundation:4.0:*:*:*:*:*:*:* Added CPE Configuration OR *cpe:2.3:a:redhat:openshift_api_for_data_protection:-:*:*:*:*:*:*:* Added CPE Configuration OR *cpe:2.3:a:redhat:openshift_virtualization:4:*:*:*:*:*:*:* Added CPE Configuration OR *cpe:2.3:a:redhat:storage:3.0:*:*:*:*:*:*:* Added CPE Configuration OR *cpe:2.3:a:redhat:discovery:-:*:*:*:*:*:*:* Added CPE Configuration OR *cpe:2.3:a:redhat:openshift_dev_spaces:-:*:*:*:*:*:*:* Added CPE Configuration OR *cpe:2.3:a:redhat:cert-manager_operator_for_red_hat_openshift:-:*:*:*:*:*:*:* Added CPE Configuration OR *cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:* Added CPE Configuration OR *cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:* Added CPE Configuration OR *cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:* Added CPE Configuration OR *cpe:2.3:a:redhat:advanced_cluster_security:3.0:*:*:*:*:*:*:* *cpe:2.3:a:redhat:advanced_cluster_security:4.0:*:*:*:*:*:*:* Added CPE Configuration OR *cpe:2.3:a:golang:crypto:*:*:*:*:*:*:*:* versions up to (excluding) 0.17.0 Added CPE Configuration OR *cpe:2.3:a:russh_project:russh:*:*:*:*:*:rust:*:* versions up to (excluding) 0.40.2 Added CPE Configuration OR *cpe:2.3:a:sftpgo_project:sftpgo:*:*:*:*:*:*:*:* versions up to (excluding) 2.5.6 Added CPE Configuration OR *cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:* versions up to (excluding) 26.2.1 Added CPE Configuration OR *cpe:2.3:a:matez:jsch:*:*:*:*:*:*:*:* versions up to (excluding) 0.2.15 Added CPE Configuration OR *cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:* versions up to (excluding) 1.11.10 Added CPE Configuration OR *cpe:2.3:a:asyncssh_project:asyncssh:*:*:*:*:*:*:*:* versions up to (excluding) 2.14.2 Added CPE Configuration OR *cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:*:*:*:*:*:*:*:* versions up to (excluding) 2022.83 Added CPE Configuration OR *cpe:2.3:a:jadaptive:maverick_synergy_java_ssh_api:*:*:*:*:*:*:*:* versions up to (excluding) 3.1.0-snapshot Added CPE Configuration OR *cpe:2.3:a:ssh:ssh:*:*:*:*:*:*:*:* versions up to (excluding) 5.11 Added CPE Configuration OR *cpe:2.3:o:thorntech:sftp_gateway_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.6 Added CPE Configuration OR *cpe:2.3:a:netgate:pfsense_plus:*:*:*:*:*:*:*:* versions up to (including) 23.09.1 Added CPE Configuration OR *cpe:2.3:a:netgate:pfsense_ce:*:*:*:*:*:*:*:* versions up to (including) 2.7.2 Added CPE Configuration OR *cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:* versions up to (excluding) 10.6.0 Added CPE Configuration OR *cpe:2.3:a:connectbot:sshlib:*:*:*:*:*:*:*:* versions up to (excluding) 2.2.22 Added CPE Configuration OR *cpe:2.3:a:apache:sshd:*:*:*:*:*:*:*:* versions up to (including) 2.11.0 Added CPE Configuration OR *cpe:2.3:a:apache:sshj:*:*:*:*:*:*:*:* versions up to (including) 0.37.0 Added CPE Configuration OR *cpe:2.3:a:tinyssh:tinyssh:*:*:*:*:*:*:*:* versions up to (including) 20230101 Added CPE Configuration OR *cpe:2.3:a:trilead:ssh2:6401:*:*:*:*:*:*:* Added CPE Configuration OR *cpe:2.3:a:kitty_project:kitty:*:*:*:*:*:*:*:* versions up to (including) 0.76.1.13 Added CPE Configuration AND OR *cpe:2.3:a:gentoo:security:-:*:*:*:*:*:*:* OR cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:* -
CVE Modified by [email protected]
Dec. 28, 2023
Action Type Old Value New Value Added Reference MITRE https://security.gentoo.org/glsa/202312-16 [No types assigned] Added Reference MITRE https://security.gentoo.org/glsa/202312-17 [No types assigned] -
CVE Modified by [email protected]
Dec. 26, 2023
Action Type Old Value New Value Added Reference MITRE https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html [No types assigned] -
CVE Modified by [email protected]
Dec. 24, 2023
Action Type Old Value New Value Added Reference MITRE https://github.com/ssh-mitm/ssh-mitm/issues/165 [No types assigned] Added Reference MITRE https://news.ycombinator.com/item?id=38732005 [No types assigned] -
CVE Modified by [email protected]
Dec. 24, 2023
Action Type Old Value New Value Added Reference MITRE https://www.debian.org/security/2023/dsa-5588 [No types assigned] -
CVE Modified by [email protected]
Dec. 24, 2023
Action Type Old Value New Value Changed Description The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in [email protected] and (if CBC is used) the [email protected] MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust. The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in [email protected] and (if CBC is used) the [email protected] MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust. -
CVE Modified by [email protected]
Dec. 22, 2023
Action Type Old Value New Value Changed Description The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in [email protected] and (if CBC is used) the [email protected] MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31. The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in [email protected] and (if CBC is used) the [email protected] MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust. Added Reference MITRE https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508 [No types assigned] Added Reference MITRE https://www.theregister.com/2023/12/20/terrapin_attack_ssh [No types assigned] Added Reference MITRE https://filezilla-project.org/versions.php [No types assigned] Added Reference MITRE https://nova.app/releases/#v11.8 [No types assigned] Added Reference MITRE https://roumenpetrov.info/secsh/#news20231220 [No types assigned] Added Reference MITRE https://www.vandyke.com/products/securecrt/history.txt [No types assigned] Added Reference MITRE https://help.panic.com/releasenotes/transmit5/ [No types assigned] Added Reference MITRE https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta [No types assigned] Added Reference MITRE https://github.com/PowerShell/Win32-OpenSSH/issues/2189 [No types assigned] Added Reference MITRE https://winscp.net/eng/docs/history#6.2.2 [No types assigned] Added Reference MITRE https://www.bitvise.com/ssh-client-version-history#933 [No types assigned] Added Reference MITRE https://github.com/cyd01/KiTTY/issues/520 [No types assigned] -
CVE Modified by [email protected]
Dec. 22, 2023
Action Type Old Value New Value Added Reference MITRE https://www.debian.org/security/2023/dsa-5586 [No types assigned] -
CVE Modified by [email protected]
Dec. 22, 2023
Action Type Old Value New Value Added Reference MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/ [No types assigned] -
CVE Modified by [email protected]
Dec. 21, 2023
Action Type Old Value New Value Added Reference MITRE http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html [No types assigned] -
CVE Modified by [email protected]
Dec. 20, 2023
Action Type Old Value New Value Changed Description The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in [email protected] and (if CBC is used) the [email protected] MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31. The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in [email protected] and (if CBC is used) the [email protected] MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31. Added Reference MITRE https://www.openwall.com/lists/oss-security/2023/12/20/3 [No types assigned] Added Reference MITRE https://security-tracker.debian.org/tracker/source-package/trilead-ssh2 [No types assigned] Added Reference MITRE https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16 [No types assigned] -
CVE Modified by [email protected]
Dec. 20, 2023
Action Type Old Value New Value Changed Description The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in [email protected] and (if CBC is used) the [email protected] MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD 1.3.9rc1, ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31. The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in [email protected] and (if CBC is used) the [email protected] MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31. Added Reference MITRE https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES [No types assigned] Added Reference MITRE https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES [No types assigned] Added Reference MITRE https://github.com/apache/mina-sshd/issues/445 [No types assigned] Added Reference MITRE https://github.com/hierynomus/sshj/issues/916 [No types assigned] Added Reference MITRE https://github.com/janmojzis/tinyssh/issues/81 [No types assigned] -
CVE Modified by [email protected]
Dec. 20, 2023
Action Type Old Value New Value Added Reference MITRE http://www.openwall.com/lists/oss-security/2023/12/20/3 [No types assigned] -
CVE Modified by [email protected]
Dec. 20, 2023
Action Type Old Value New Value Added Reference MITRE https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/ [No types assigned] -
CVE Modified by [email protected]
Dec. 20, 2023
Action Type Old Value New Value Added Reference MITRE https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc [No types assigned] -
CVE Modified by [email protected]
Dec. 20, 2023
Action Type Old Value New Value Added Reference MITRE http://www.openwall.com/lists/oss-security/2023/12/19/5 [No types assigned] -
CVE Modified by [email protected]
Dec. 19, 2023
Action Type Old Value New Value Changed Description The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in [email protected] and (if CBC is used) the [email protected] MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, and libssh2 through 1.11.0; and there could be effects on Bitvise SSH through 9.31. The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in [email protected] and (if CBC is used) the [email protected] MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD 1.3.9rc1, ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31. Added Reference MITRE https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES [No types assigned] Added Reference MITRE https://www.netsarang.com/en/xshell-update-history/ [No types assigned] Added Reference MITRE https://www.paramiko.org/changelog.html [No types assigned] Added Reference MITRE https://github.com/proftpd/proftpd/issues/456 [No types assigned] Added Reference MITRE https://github.com/TeraTermProject/teraterm/releases/tag/v5.1 [No types assigned] Added Reference MITRE https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15 [No types assigned] Added Reference MITRE https://oryx-embedded.com/download/#changelog [No types assigned] Added Reference MITRE https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update [No types assigned] Added Reference MITRE https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22 [No types assigned] Added Reference MITRE https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab [No types assigned] Added Reference MITRE https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3 [No types assigned] Added Reference MITRE https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC [No types assigned] Added Reference MITRE https://crates.io/crates/thrussh/versions [No types assigned] Added Reference MITRE https://github.com/NixOS/nixpkgs/pull/275249 [No types assigned] -
CVE Modified by [email protected]
Dec. 19, 2023
Action Type Old Value New Value Changed Description The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in [email protected] and (if CBC is used) the [email protected] MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, and libssh before 0.10.6; and there could be effects on Bitvise SSH through 9.31. The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in [email protected] and (if CBC is used) the [email protected] MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, and libssh2 through 1.11.0; and there could be effects on Bitvise SSH through 9.31. Added Reference MITRE https://forum.netgate.com/topic/184941/terrapin-ssh-attack [No types assigned] Added Reference MITRE https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5 [No types assigned] Added Reference MITRE https://github.com/rapier1/hpn-ssh/releases [No types assigned] -
CVE Modified by [email protected]
Dec. 19, 2023
Action Type Old Value New Value Added Reference MITRE https://github.com/libssh2/libssh2/pull/1291 [No types assigned] -
CVE Modified by [email protected]
Dec. 18, 2023
Action Type Old Value New Value Added Reference MITRE https://github.com/erlang/otp/releases/tag/OTP-26.2.1 [No types assigned] Added Reference MITRE https://github.com/advisories/GHSA-45x7-px36-x8w8 [No types assigned] Added Reference MITRE https://security-tracker.debian.org/tracker/source-package/libssh2 [No types assigned] Added Reference MITRE https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg [No types assigned] Added Reference MITRE https://security-tracker.debian.org/tracker/CVE-2023-48795 [No types assigned] Added Reference MITRE https://bugzilla.suse.com/show_bug.cgi?id=1217950 [No types assigned] Added Reference MITRE https://bugzilla.redhat.com/show_bug.cgi?id=2254210 [No types assigned] Added Reference MITRE https://bugs.gentoo.org/920280 [No types assigned] Added Reference MITRE https://ubuntu.com/security/CVE-2023-48795 [No types assigned] Added Reference MITRE https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/ [No types assigned] Added Reference MITRE https://access.redhat.com/security/cve/cve-2023-48795 [No types assigned] Added Reference MITRE https://github.com/mwiede/jsch/pull/461 [No types assigned] Added Reference MITRE https://github.com/drakkan/sftpgo/releases/tag/v2.5.6 [No types assigned] -
CVE Modified by [email protected]
Dec. 18, 2023
Action Type Old Value New Value Changed Description The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in [email protected] and (if CBC is used) the [email protected] MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, and golang.org/x/crypto before 0.17.0; and there could be effects on Bitvise SSH through 9.31 and libssh through 0.10.5. The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in [email protected] and (if CBC is used) the [email protected] MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, and libssh before 0.10.6; and there could be effects on Bitvise SSH through 9.31. Added Reference MITRE https://github.com/mwiede/jsch/issues/457 [No types assigned] Added Reference MITRE https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6 [No types assigned] -
CVE Modified by [email protected]
Dec. 18, 2023
Action Type Old Value New Value Changed Description The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in [email protected] and (if CBC is used) the [email protected] MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, and AsyncSSH before 2.14.2; and there could be effects on Bitvise SSH through 9.31, libssh through 0.10.5, and golang.org/x/crypto through 2023-12-17. The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in [email protected] and (if CBC is used) the [email protected] MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, and golang.org/x/crypto before 0.17.0; and there could be effects on Bitvise SSH through 9.31 and libssh through 0.10.5. Added Reference MITRE https://github.com/paramiko/paramiko/issues/2337 [No types assigned] Added Reference MITRE https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg [No types assigned] Added Reference MITRE https://news.ycombinator.com/item?id=38684904 [No types assigned] Added Reference MITRE https://news.ycombinator.com/item?id=38685286 [No types assigned] Added Reference MITRE http://www.openwall.com/lists/oss-security/2023/12/18/3 [No types assigned] -
CVE Modified by [email protected]
Dec. 18, 2023
Action Type Old Value New Value Changed Description The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in [email protected] and (if CBC is used) the [email protected] MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, and PuTTY before 0.80; and there could be effects on Bitvise SSH through 9.31, AsyncSSH through 2.14.1, libssh through 0.10.5, and golang.org/x/crypto through 2023-12-17. The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in [email protected] and (if CBC is used) the [email protected] MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, and AsyncSSH before 2.14.2; and there could be effects on Bitvise SSH through 9.31, libssh through 0.10.5, and golang.org/x/crypto through 2023-12-17. Added Reference MITRE https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst [No types assigned] Added Reference MITRE https://thorntech.com/cve-2023-48795-and-sftp-gateway/ [No types assigned] Added Reference MITRE https://github.com/warp-tech/russh/releases/tag/v0.40.2 [No types assigned] Added Reference MITRE https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0 [No types assigned] Added Reference MITRE https://www.openwall.com/lists/oss-security/2023/12/18/2 [No types assigned] Added Reference MITRE https://twitter.com/TrueSkrillor/status/1736774389725565005 [No types assigned] Added Reference MITRE https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d [No types assigned] -
CVE Received by [email protected]
Dec. 18, 2023
Action Type Old Value New Value Added Description The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in [email protected] and (if CBC is used) the [email protected] MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, and PuTTY before 0.80; and there could be effects on Bitvise SSH through 9.31, AsyncSSH through 2.14.1, libssh through 0.10.5, and golang.org/x/crypto through 2023-12-17. Added Reference MITRE https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html [No types assigned] Added Reference MITRE https://matt.ucc.asn.au/dropbear/CHANGES [No types assigned] Added Reference MITRE https://www.openssh.com/openbsd.html [No types assigned] Added Reference MITRE https://github.com/openssh/openssh-portable/commits/master [No types assigned] Added Reference MITRE https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ [No types assigned] Added Reference MITRE https://www.bitvise.com/ssh-server-version-history [No types assigned] Added Reference MITRE https://github.com/ronf/asyncssh/tags [No types assigned] Added Reference MITRE https://gitlab.com/libssh/libssh-mirror/-/tags [No types assigned] Added Reference MITRE https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/ [No types assigned] Added Reference MITRE https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42 [No types assigned] Added Reference MITRE https://www.openssh.com/txt/release-9.6 [No types assigned] Added Reference MITRE https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/ [No types assigned] Added Reference MITRE https://www.terrapin-attack.com [No types assigned] Added Reference MITRE https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25 [No types assigned]
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2023-48795
is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2023-48795
weaknesses.
Exploit Prediction
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.
94.86 }} 0.25%
score
0.99460
percentile