Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-48795

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in [email protected] and (if CBC is used) the [email protected] MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.

Published

2023-12-18T16:15:10.897

Last Modified

2025-05-23T02:24:58.787

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.9 (MEDIUM)

Weaknesses

Type: Primary
CWE-354

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	openbsd	openssh	< 9.6	Yes
Application	putty	putty	< 0.80	Yes
Application	filezilla-project	filezilla_client	< 3.66.4	Yes
Operating System	apple	macos	-	No
Application	panic	transmit_5	< 5.10.4	Yes
Operating System	apple	macos	-	No
Application	panic	nova	< 11.8	Yes
Application	roumenpetrov	pkixssh	< 14.4	Yes
Application	winscp	winscp	< 6.2.2	Yes
Application	bitvise	ssh_client	< 9.33	Yes
Application	bitvise	ssh_server	< 9.32	Yes
Operating System	lancom-systems	lcos	≤ 3.66.4	Yes
Operating System	lancom-systems	lcos_fx	-	Yes
Operating System	lancom-systems	lcos_lx	-	Yes
Operating System	lancom-systems	lcos_sx	4.20	Yes
Operating System	lancom-systems	lcos_sx	5.20	Yes
Operating System	lancom-systems	lanconfig	-	Yes
Application	vandyke	securecrt	< 9.4.3	Yes
Application	libssh	libssh	< 0.10.6	Yes
Application	net-ssh	net-ssh	7.2.0	Yes
Application	ssh2_project	ssh2	≤ 1.11.0	Yes
Application	proftpd	proftpd	≤ 1.3.8b	Yes
Operating System	freebsd	freebsd	≤ 12.4	Yes
Application	crates	thrussh	< 0.35.1	Yes
Application	tera_term_project	tera_term	≤ 5.1	Yes
Application	oryx-embedded	cyclone_ssh	< 2.3.4	Yes
Application	crushftp	crushftp	≤ 10.6.0	Yes
Application	netsarang	xshell_7	< build__0144	Yes
Application	paramiko	paramiko	< 3.4.0	Yes
Application	redhat	openshift_container_platform	4.0	Yes
Application	redhat	openstack_platform	16.1	Yes
Application	redhat	openstack_platform	16.2	Yes
Application	redhat	openstack_platform	17.1	Yes
Application	redhat	ceph_storage	6.0	Yes
Operating System	redhat	enterprise_linux	8.0	Yes
Operating System	redhat	enterprise_linux	9.0	Yes
Application	redhat	openshift_serverless	-	Yes
Application	redhat	openshift_gitops	-	Yes
Application	redhat	openshift_pipelines	-	Yes
Application	redhat	openshift_developer_tools_and_services	-	Yes
Application	redhat	openshift_data_foundation	4.0	Yes
Application	redhat	openshift_api_for_data_protection	-	Yes
Application	redhat	openshift_virtualization	4	Yes
Application	redhat	storage	3.0	Yes
Application	redhat	discovery	-	Yes
Application	redhat	openshift_dev_spaces	-	Yes
Application	redhat	cert-manager_operator_for_red_hat_openshift	-	Yes
Application	redhat	keycloak	-	Yes
Application	redhat	jboss_enterprise_application_platform	7.0	Yes
Application	redhat	single_sign-on	7.0	Yes
Application	redhat	advanced_cluster_security	3.0	Yes
Application	redhat	advanced_cluster_security	4.0	Yes
Application	golang	crypto	< 0.17.0	Yes
Application	russh_project	russh	< 0.40.2	Yes
Application	sftpgo_project	sftpgo	< 2.5.6	Yes
Application	erlang	erlang\/otp	< 22.3.4.27	Yes
Application	erlang	erlang\/otp	< 23.3.4.20	Yes
Application	erlang	erlang\/otp	< 24.3.4.15	Yes
Application	erlang	erlang\/otp	< 25.3.2.8	Yes
Application	erlang	erlang\/otp	< 26.2.1	Yes
Application	matez	jsch	< 0.2.15	Yes
Application	libssh2	libssh2	< 1.11.1	Yes
Application	asyncssh_project	asyncssh	< 2.14.2	Yes
Application	dropbear_ssh_project	dropbear_ssh	< 2022.83	Yes
Application	jadaptive	maverick_synergy_java_ssh_api	< 3.1.0-snapshot	Yes
Application	ssh	ssh	< 4.9.1.5	Yes
Application	ssh	ssh	< 4.11.1.7	Yes
Application	ssh	ssh	< 4.13.2.4	Yes
Application	ssh	ssh	< 4.15.3.1	Yes
Application	ssh	ssh	< 5.1.1	Yes
Operating System	thorntech	sftp_gateway_firmware	< 3.4.6	Yes
Application	netgate	pfsense_plus	≤ 23.09.1	Yes
Application	netgate	pfsense_ce	≤ 2.7.2	Yes
Application	crushftp	crushftp	< 10.6.0	Yes
Application	connectbot	sshlib	< 2.2.22	Yes
Application	apache	sshd	≤ 2.11.0	Yes
Application	apache	sshj	≤ 0.37.0	Yes
Application	tinyssh	tinyssh	≤ 20230101	Yes
Application	trilead	ssh2	6401	Yes
Application	9bis	kitty	≤ 0.76.1.13	Yes
Application	gentoo	security	-	Yes
Operating System	debian	debian_linux	-	No
Operating System	fedoraproject	fedora	38	Yes
Operating System	fedoraproject	fedora	39	Yes
Operating System	debian	debian_linux	10.0	Yes
Operating System	apple	macos	< 14.4	Yes

References

http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html Third Party Advisory, VDB Entry ([email protected])
http://seclists.org/fulldisclosure/2024/Mar/21 Mailing List, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2023/12/18/3 Mailing List ([email protected])
http://www.openwall.com/lists/oss-security/2023/12/19/5 Mailing List ([email protected])
http://www.openwall.com/lists/oss-security/2023/12/20/3 Mailing List, Mitigation ([email protected])
http://www.openwall.com/lists/oss-security/2024/03/06/3 Mailing List ([email protected])
http://www.openwall.com/lists/oss-security/2024/04/17/8 Mailing List ([email protected])
https://access.redhat.com/security/cve/cve-2023-48795 Third Party Advisory ([email protected])
https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/ Press/Media Coverage ([email protected])
https://bugs.gentoo.org/920280 Issue Tracking ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2254210 Issue Tracking ([email protected])
https://bugzilla.suse.com/show_bug.cgi?id=1217950 Issue Tracking ([email protected])
https://crates.io/crates/thrussh/versions Release Notes ([email protected])
https://filezilla-project.org/versions.php Release Notes ([email protected])
https://forum.netgate.com/topic/184941/terrapin-ssh-attack Issue Tracking ([email protected])
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6 Patch ([email protected])
https://github.com/NixOS/nixpkgs/pull/275249 Release Notes ([email protected])
https://github.com/PowerShell/Win32-OpenSSH/issues/2189 Issue Tracking ([email protected])
https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta Release Notes ([email protected])
https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0 Patch ([email protected])
https://github.com/TeraTermProject/teraterm/releases/tag/v5.1 Release Notes ([email protected])
https://github.com/advisories/GHSA-45x7-px36-x8w8 Third Party Advisory ([email protected])
https://github.com/apache/mina-sshd/issues/445 Issue Tracking ([email protected])
https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab Patch ([email protected])
https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22 Third Party Advisory ([email protected])
https://github.com/cyd01/KiTTY/issues/520 Issue Tracking ([email protected])
https://github.com/drakkan/sftpgo/releases/tag/v2.5.6 Release Notes ([email protected])
https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42 Patch ([email protected])
https://github.com/erlang/otp/releases/tag/OTP-26.2.1 Release Notes ([email protected])
https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d Patch ([email protected])
https://github.com/hierynomus/sshj/issues/916 Issue Tracking ([email protected])
https://github.com/janmojzis/tinyssh/issues/81 Issue Tracking ([email protected])
https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5 Patch ([email protected])
https://github.com/libssh2/libssh2/pull/1291 Mitigation ([email protected])
https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25 Patch ([email protected])
https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3 Patch ([email protected])
https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15 Product ([email protected])
https://github.com/mwiede/jsch/issues/457 Issue Tracking ([email protected])
https://github.com/mwiede/jsch/pull/461 Release Notes ([email protected])
https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16 Patch ([email protected])
https://github.com/openssh/openssh-portable/commits/master Patch ([email protected])
https://github.com/paramiko/paramiko/issues/2337 Issue Tracking ([email protected])
https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES Release Notes ([email protected])
https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES Release Notes ([email protected])
https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES Release Notes ([email protected])
https://github.com/proftpd/proftpd/issues/456 Issue Tracking ([email protected])
https://github.com/rapier1/hpn-ssh/releases Release Notes ([email protected])
https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst Release Notes ([email protected])
https://github.com/ronf/asyncssh/tags Release Notes ([email protected])
https://github.com/ssh-mitm/ssh-mitm/issues/165 Issue Tracking ([email protected])
https://github.com/warp-tech/russh/releases/tag/v0.40.2 Release Notes ([email protected])
https://gitlab.com/libssh/libssh-mirror/-/tags Release Notes ([email protected])
https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ Mailing List ([email protected])
https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg Mailing List ([email protected])
https://help.panic.com/releasenotes/transmit5/ Release Notes ([email protected])
https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/ Press/Media Coverage ([email protected])
https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html Mailing List ([email protected])
https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html Mailing List, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html Mailing List, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/ Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/ Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/ Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/ Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/ Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/ Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/ Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/ Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/ Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/ Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/ Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/ Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/ Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/ Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/ Vendor Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/ Mailing List, Third Party Advisory ([email protected])
https://matt.ucc.asn.au/dropbear/CHANGES Release Notes ([email protected])
https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC Patch ([email protected])
https://news.ycombinator.com/item?id=38684904 Issue Tracking ([email protected])
https://news.ycombinator.com/item?id=38685286 Issue Tracking ([email protected])
https://news.ycombinator.com/item?id=38732005 Issue Tracking ([email protected])
https://nova.app/releases/#v11.8 Release Notes ([email protected])
https://oryx-embedded.com/download/#changelog Release Notes ([email protected])
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002 Third Party Advisory ([email protected])
https://roumenpetrov.info/secsh/#news20231220 Release Notes ([email protected])
https://security-tracker.debian.org/tracker/CVE-2023-48795 Vendor Advisory ([email protected])
https://security-tracker.debian.org/tracker/source-package/libssh2 Vendor Advisory ([email protected])
https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg Vendor Advisory ([email protected])
https://security-tracker.debian.org/tracker/source-package/trilead-ssh2 Issue Tracking ([email protected])
https://security.gentoo.org/glsa/202312-16 Third Party Advisory ([email protected])
https://security.gentoo.org/glsa/202312-17 Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20240105-0004/ Third Party Advisory ([email protected])
https://support.apple.com/kb/HT214084 Third Party Advisory ([email protected])
https://thorntech.com/cve-2023-48795-and-sftp-gateway/ Third Party Advisory ([email protected])
https://twitter.com/TrueSkrillor/status/1736774389725565005 Press/Media Coverage ([email protected])
https://ubuntu.com/security/CVE-2023-48795 Vendor Advisory ([email protected])
https://winscp.net/eng/docs/history#6.2.2 Release Notes ([email protected])
https://www.bitvise.com/ssh-client-version-history#933 Release Notes ([email protected])
https://www.bitvise.com/ssh-server-version-history Release Notes ([email protected])
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html Release Notes ([email protected])
https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update Release Notes ([email protected])
https://www.debian.org/security/2023/dsa-5586 Issue Tracking ([email protected])
https://www.debian.org/security/2023/dsa-5588 Issue Tracking ([email protected])
https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc Release Notes ([email protected])
https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508 Vendor Advisory ([email protected])
https://www.netsarang.com/en/xshell-update-history/ Release Notes ([email protected])
https://www.openssh.com/openbsd.html Release Notes ([email protected])
https://www.openssh.com/txt/release-9.6 Release Notes ([email protected])
https://www.openwall.com/lists/oss-security/2023/12/18/2 Mailing List ([email protected])
https://www.openwall.com/lists/oss-security/2023/12/20/3 Mailing List, Mitigation ([email protected])
https://www.paramiko.org/changelog.html Release Notes ([email protected])
https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/ Issue Tracking ([email protected])
https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/ Press/Media Coverage ([email protected])
https://www.terrapin-attack.com Exploit ([email protected])
https://www.theregister.com/2023/12/20/terrapin_attack_ssh Press/Media Coverage ([email protected])
https://www.vandyke.com/products/securecrt/history.txt Release Notes ([email protected])
http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2024/Mar/21 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2023/12/18/3 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2023/12/19/5 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2023/12/20/3 Mailing List, Mitigation (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2024/03/06/3 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2024/04/17/8 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/security/cve/cve-2023-48795 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/ Press/Media Coverage (af854a3a-2127-422b-91ae-364da2661108)
https://bugs.gentoo.org/920280 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=2254210 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.suse.com/show_bug.cgi?id=1217950 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://crates.io/crates/thrussh/versions Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://filezilla-project.org/versions.php Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://forum.netgate.com/topic/184941/terrapin-ssh-attack Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/NixOS/nixpkgs/pull/275249 Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/PowerShell/Win32-OpenSSH/issues/2189 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/TeraTermProject/teraterm/releases/tag/v5.1 Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/advisories/GHSA-45x7-px36-x8w8 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/apache/mina-sshd/issues/445 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/cyd01/KiTTY/issues/520 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/drakkan/sftpgo/releases/tag/v2.5.6 Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/erlang/otp/releases/tag/OTP-26.2.1 Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/hierynomus/sshj/issues/916 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/janmojzis/tinyssh/issues/81 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/libssh2/libssh2/pull/1291 Mitigation (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15 Product (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/mwiede/jsch/issues/457 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/mwiede/jsch/pull/461 Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/openssh/openssh-portable/commits/master Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/paramiko/paramiko/issues/2337 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/proftpd/proftpd/issues/456 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/rapier1/hpn-ssh/releases Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/ronf/asyncssh/tags Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/ssh-mitm/ssh-mitm/issues/165 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/warp-tech/russh/releases/tag/v0.40.2 Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.com/libssh/libssh-mirror/-/tags Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ Mailing List (af854a3a-2127-422b-91ae-364da2661108)
https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg Mailing List (af854a3a-2127-422b-91ae-364da2661108)
https://help.panic.com/releasenotes/transmit5/ Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/ Press/Media Coverage (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html Mailing List (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://matt.ucc.asn.au/dropbear/CHANGES Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC Patch (af854a3a-2127-422b-91ae-364da2661108)
https://news.ycombinator.com/item?id=38684904 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://news.ycombinator.com/item?id=38685286 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://news.ycombinator.com/item?id=38732005 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://nova.app/releases/#v11.8 Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://oryx-embedded.com/download/#changelog Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://roumenpetrov.info/secsh/#news20231220 Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://security-tracker.debian.org/tracker/CVE-2023-48795 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security-tracker.debian.org/tracker/source-package/libssh2 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security-tracker.debian.org/tracker/source-package/trilead-ssh2 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202312-16 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202312-17 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20240105-0004/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT214084 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://thorntech.com/cve-2023-48795-and-sftp-gateway/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://twitter.com/TrueSkrillor/status/1736774389725565005 Press/Media Coverage (af854a3a-2127-422b-91ae-364da2661108)
https://ubuntu.com/security/CVE-2023-48795 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://winscp.net/eng/docs/history#6.2.2 Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://www.bitvise.com/ssh-client-version-history#933 Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://www.bitvise.com/ssh-server-version-history Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2023/dsa-5586 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2023/dsa-5588 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.netsarang.com/en/xshell-update-history/ Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://www.openssh.com/openbsd.html Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://www.openssh.com/txt/release-9.6 Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://www.openwall.com/lists/oss-security/2023/12/18/2 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
https://www.openwall.com/lists/oss-security/2023/12/20/3 Mailing List, Mitigation (af854a3a-2127-422b-91ae-364da2661108)
https://www.paramiko.org/changelog.html Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/ Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/ Press/Media Coverage (af854a3a-2127-422b-91ae-364da2661108)
https://www.terrapin-attack.com Exploit (af854a3a-2127-422b-91ae-364da2661108)
https://www.theregister.com/2023/12/20/terrapin_attack_ssh Press/Media Coverage (af854a3a-2127-422b-91ae-364da2661108)
https://www.vandyke.com/products/securecrt/history.txt Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)