CVE-2023-6918

Updated: 2024-01-10 19:49:54.47948

Description:

A flaw was found in libssh's abstraction layer for message digest (MD) operations, which are implemented by the different supported crypto backends. The return values from these operations were not properly checked, which could cause failures in low-memory situations, NULL dereferences, crashes, or use of uninitialized memory as input to the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| Version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0 |
| CVSS Version 3.x | MEDIUM | 5.3 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | libssh | 0.10.4 | 5.3 | MEDIUM | In Testing | | 2024-02-20 13:12:38 |
| CentOS 6 ELS | libssh2 | 1.4.2 | 5.3 | MEDIUM | Ignored | | 2024-01-05 08:37:51 |
| CentOS 7 ELS | libssh2 | 1.8.0 | 5.3 | MEDIUM | Ignored | | 2024-01-05 08:37:51 |
| CentOS 8.4 ELS | libssh | 0.9.4 | 5.3 | MEDIUM | In Testing | | 2024-02-20 08:27:51 |
| CentOS 8.5 ELS | libssh | 0.9.4 | 5.3 | MEDIUM | In Testing | | 2024-02-20 08:27:51 |
| CloudLinux 6 ELS | libssh2 | 1.4.2 | 5.3 | MEDIUM | Ignored | | 2024-01-05 08:37:51 |
| Oracle Linux 6 ELS | libssh2 | 1.4.2 | 5.3 | MEDIUM | Ignored | | 2024-01-05 08:37:51 |
| Ubuntu 16.04 ELS | libssh2 | 1.5.0 | 5.3 | MEDIUM | Needs Triage | | 2024-02-06 02:46:52 |
| Ubuntu 16.04 ELS | libssh | 0.6.3 | 5.3 | MEDIUM | In Testing | | 2024-02-19 16:09:01 |
| Ubuntu 18.04 ELS | libssh2 | 1.8.0 | 5.3 | MEDIUM | Needs Triage | | 2024-02-06 02:46:50 |
Total: 11