Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-46445

An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Extension Negotiation."

Published

2023-11-14T03:15:09.470

Last Modified

2025-11-03T22:16:28.613

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.9 (MEDIUM)

Weaknesses

Type: Primary
CWE-345

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	asyncssh_project	asyncssh	< 2.14.1	Yes

References

http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html ([email protected])
https://github.com/advisories/GHSA-cfc2-wr2v-gxm5 ([email protected])
https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst ([email protected])
https://github.com/ronf/asyncssh/security/advisories/GHSA-cfc2-wr2v-gxm5 Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE/ ([email protected])
https://security.netapp.com/advisory/ntap-20231222-0001/ ([email protected])
https://www.terrapin-attack.com ([email protected])
http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/advisories/GHSA-cfc2-wr2v-gxm5 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/ronf/asyncssh/security/advisories/GHSA-cfc2-wr2v-gxm5 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE/ (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20231222-0001/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.terrapin-attack.com (af854a3a-2127-422b-91ae-364da2661108)