CVE-2023-6918

Updated: 2024-09-16 22:26:32.727986

Description:

A flaw was found in libssh's abstract layer for message digest (MD) operations, which is implemented by the different supported crypto backends. The return values from these operations were not properly checked, which could cause failures in low-memory situations, NULL dereferences, crashes, or use of uninitialized memory as input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0 |
| CVSS Version 3.x | MEDIUM | 5.3 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | libssh | 0.10.4 | 5.3 | MEDIUM | Released | CLSA-2024:1709547699 | 2024-03-04 08:43:31 |
| CentOS 6 ELS | libssh2 | 1.4.2 | 5.3 | MEDIUM | Ignored | | 2024-01-05 08:37:51 |
| CentOS 7 ELS | libssh2 | 1.8.0 | 5.3 | MEDIUM | Ignored | | 2024-01-05 08:37:51 |
| CentOS 8.4 ELS | libssh | 0.9.4 | 5.3 | MEDIUM | Released | CLSA-2024:1709561144 | 2024-03-04 10:10:11 |
| CentOS 8.5 ELS | libssh | 0.9.4 | 5.3 | MEDIUM | Released | CLSA-2024:1709562050 | 2024-03-04 10:10:10 |
| CloudLinux 6 ELS | libssh2 | 1.4.2 | 5.3 | MEDIUM | Ignored | | 2024-01-05 08:37:51 |
| Oracle Linux 6 ELS | libssh2 | 1.4.2 | 5.3 | MEDIUM | Ignored | | 2024-01-05 08:37:51 |
| Ubuntu 16.04 ELS | libssh2 | 1.5.0 | 5.3 | MEDIUM | Not Vulnerable | | 2024-03-07 08:52:10 |
| Ubuntu 16.04 ELS | libssh | 0.6.3 | 5.3 | MEDIUM | Released | CLSA-2024:1709562468 | 2024-03-04 10:09:15 |
| Ubuntu 18.04 ELS | libssh | 0.8.0 | 5.3 | MEDIUM | Released | CLSA-2024:1709563150 | 2024-03-04 10:09:16 |
Total: 11