Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-6918

A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.

Published

2023-12-19T00:15:08.460

Last Modified

2025-02-15T01:15:09.880

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 3.7 (LOW)

Weaknesses

Type: Secondary
CWE-252
Type: Primary
CWE-252

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	libssh	libssh	< 0.9.8	Yes
Application	libssh	libssh	< 0.10.6	Yes
Operating System	fedoraproject	fedora	38	Yes
Operating System	fedoraproject	fedora	39	Yes
Operating System	redhat	enterprise_linux	8.0	Yes
Operating System	redhat	enterprise_linux	9.0	Yes

References

https://access.redhat.com/errata/RHSA-2024:2504 ([email protected])
https://access.redhat.com/errata/RHSA-2024:3233 ([email protected])
https://access.redhat.com/security/cve/CVE-2023-6918 Mailing List, Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2254997 Issue Tracking, Third Party Advisory ([email protected])
https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/ Release Notes ([email protected])
https://www.libssh.org/security/advisories/CVE-2023-6918.txt Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2024:2504 (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2024:3233 (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/security/cve/CVE-2023-6918 Mailing List, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=2254997 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/ (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20250214-0009/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/ Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://www.libssh.org/security/advisories/CVE-2023-6918.txt Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)