Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-46446

An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."

Published

2023-11-14T03:15:09.573

Last Modified

2025-11-03T22:16:28.743

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.8 (MEDIUM)

Weaknesses

Type: Primary
CWE-639

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	asyncssh_project	asyncssh	< 2.14.1	Yes

References

http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html ([email protected])
https://github.com/advisories/GHSA-c35q-ffpf-5qpm ([email protected])
https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst ([email protected])
https://github.com/ronf/asyncssh/security/advisories/GHSA-c35q-ffpf-5qpm Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE/ ([email protected])
https://security.netapp.com/advisory/ntap-20231222-0001/ ([email protected])
https://www.terrapin-attack.com ([email protected])
http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/advisories/GHSA-c35q-ffpf-5qpm (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/ronf/asyncssh/security/advisories/GHSA-c35q-ffpf-5qpm Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE/ (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20231222-0001/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.terrapin-attack.com (af854a3a-2127-422b-91ae-364da2661108)