5.9

CVE-2023-48795

Medienbericht
Exploit
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenbsdOpenssh Version < 9.6
PuTTYPuTTY Version < 0.80
Filezilla-projectFilezilla Client Version < 3.66.4
PanicTransmit 5 Version < 5.10.4
   ApplemacOS Version-
PanicNova Version < 11.8
   ApplemacOS Version-
RoumenpetrovPkixssh Version < 14.4
WinSCPWinSCP Version < 6.2.2
BitviseSsh Client Version < 9.33
BitviseSsh Server Version < 9.32
Lancom-systemsLcos Version <= 3.66.4
Lancom-systemsLcos Fx Version-
Lancom-systemsLcos Lx Version-
Lancom-systemsLcos Sx Version4.20
Lancom-systemsLcos Sx Version5.20
Lancom-systemsLanconfig Version-
VandykeSecurecrt Version < 9.4.3
LibsshLibssh Version < 0.10.6
Net-sshNet-ssh Version7.2.0 SwPlatformruby
Ssh2 ProjectSsh2 SwPlatformnode.js Version <= 1.11.0
ProftpdProftpd Version <= 1.3.8b
FreebsdFreebsd Version <= 12.4
CratesThrussh Version < 0.35.1
Tera Term ProjectTera Term Version <= 5.1
Oryx-embeddedCyclone Ssh Version < 2.3.4
CrushftpCrushftp Version <= 10.6.0
NetsarangXshell 7 Version < build__0144
ParamikoParamiko Version < 3.4.0
RedhatOpenstack Platform Version16.1
RedhatOpenstack Platform Version16.2
RedhatOpenstack Platform Version17.1
RedhatCeph Storage Version6.0
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
RedhatOpenshift Gitops Version-
RedhatStorage Version3.0
RedhatDiscovery Version-
RedhatKeycloak Version-
RedhatSingle Sign-on Version7.0
GolangCrypto Version < 0.17.0
Russh ProjectRussh SwPlatformrust Version < 0.40.2
Sftpgo ProjectSftpgo Version < 2.5.6
MatezJsch Version < 0.2.15
Libssh2Libssh2 Version < 1.11.1
Asyncssh ProjectAsyncssh Version < 2.14.2
Dropbear Ssh ProjectDropbear Ssh Version < 2022.83
JadaptiveMaverick Synergy Java Ssh Api Version < 3.1.0-snapshot
SshSsh Version < 4.9.1.5
SshSsh Version >= 4.10 < 4.11.1.7
SshSsh Version >= 4.12 < 4.13.2.4
SshSsh Version >= 4.14 < 4.15.3.1
SshSsh Version >= 5.0 < 5.1.1
ThorntechSftp Gateway Firmware Version < 3.4.6
NetgatePfsense Plus Version <= 23.09.1
NetgatePfsense Ce Version <= 2.7.2
CrushftpCrushftp Version < 10.6.0
ConnectbotSshlib Version < 2.2.22
ApacheSshd Version <= 2.11.0
ApacheSshj Version <= 0.37.0
TinysshTinyssh Version <= 20230101
TrileadSsh2 Version6401
9bisKitty Version <= 0.76.1.13
GentooSecurity Version-
   DebianDebian Linux Version-
FedoraprojectFedora Version38
FedoraprojectFedora Version39
DebianDebian Linux Version10.0
ApplemacOS Version >= 14.0 < 14.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 93.31% 0.998
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CWE-354 Improper Validation of Integrity Check Value

The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.

https://matt.ucc.asn.au/dropbear/CHANGES
Release Notes
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
Release Notes
https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html
Third Party Advisory
Mailing List
https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES
Release Notes
https://www.vandyke.com/products/securecrt/history.txt
Release Notes
https://www.debian.org/security/2023/dsa-5588
Issue Tracking
https://www.netsarang.com/en/xshell-update-history/
Release Notes
https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html
Mailing List
https://www.debian.org/security/2023/dsa-5586
Issue Tracking
https://www.paramiko.org/changelog.html
Release Notes
http://seclists.org/fulldisclosure/2024/Mar/21
Third Party Advisory
Mailing List
https://support.apple.com/kb/HT214084
Third Party Advisory
http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
Third Party Advisory
VDB Entry
https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
Release Notes
https://www.terrapin-attack.com
Exploit
https://cert-portal.siemens.com/productcert/html/ssa-769027.html
http://www.openwall.com/lists/oss-security/2023/12/18/3
Mailing List
http://www.openwall.com/lists/oss-security/2023/12/19/5
Mailing List
http://www.openwall.com/lists/oss-security/2023/12/20/3
Mailing List
Mitigation
http://www.openwall.com/lists/oss-security/2024/03/06/3
Mailing List
http://www.openwall.com/lists/oss-security/2024/04/17/8
Mailing List
https://access.redhat.com/security/cve/cve-2023-48795
Third Party Advisory
https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/
Press/Media Coverage
https://bugs.gentoo.org/920280
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=2254210
Issue Tracking
https://bugzilla.suse.com/show_bug.cgi?id=1217950
Issue Tracking
https://crates.io/crates/thrussh/versions
Release Notes
https://filezilla-project.org/versions.php
Release Notes
https://forum.netgate.com/topic/184941/terrapin-ssh-attack
Issue Tracking
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6
Patch
https://github.com/NixOS/nixpkgs/pull/275249
Release Notes
https://github.com/PowerShell/Win32-OpenSSH/issues/2189
Issue Tracking
https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta
Release Notes
https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0
Patch
https://github.com/TeraTermProject/teraterm/releases/tag/v5.1
Release Notes
https://github.com/advisories/GHSA-45x7-px36-x8w8
Third Party Advisory
https://github.com/apache/mina-sshd/issues/445
Issue Tracking
https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab
Patch
https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22
Third Party Advisory
https://github.com/cyd01/KiTTY/issues/520
Issue Tracking
https://github.com/drakkan/sftpgo/releases/tag/v2.5.6
Release Notes
https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42
Patch
https://github.com/erlang/otp/releases/tag/OTP-26.2.1
Release Notes
https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d
Patch
https://github.com/hierynomus/sshj/issues/916
Issue Tracking
https://github.com/janmojzis/tinyssh/issues/81
Issue Tracking
https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5
Patch
https://github.com/libssh2/libssh2/pull/1291
Mitigation
https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25
Patch
https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3
Patch
https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15
Product
https://github.com/mwiede/jsch/issues/457
Issue Tracking
https://github.com/mwiede/jsch/pull/461
Release Notes
https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16
Patch
https://github.com/openssh/openssh-portable/commits/master
Patch
https://github.com/paramiko/paramiko/issues/2337
Issue Tracking
https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES
Release Notes
https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES
Release Notes
https://github.com/proftpd/proftpd/issues/456
Issue Tracking
https://github.com/rapier1/hpn-ssh/releases
Release Notes
https://github.com/ronf/asyncssh/tags
Release Notes
https://github.com/ssh-mitm/ssh-mitm/issues/165
Issue Tracking
https://github.com/warp-tech/russh/releases/tag/v0.40.2
Release Notes
https://gitlab.com/libssh/libssh-mirror/-/tags
Release Notes
https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ
Mailing List
https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg
Mailing List
https://help.panic.com/releasenotes/transmit5/
Release Notes
https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/
Press/Media Coverage
https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/
Third Party Advisory
Mailing List
https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC
Patch
https://news.ycombinator.com/item?id=38684904
Issue Tracking
https://news.ycombinator.com/item?id=38685286
Issue Tracking
https://news.ycombinator.com/item?id=38732005
Issue Tracking
https://nova.app/releases/#v11.8
Release Notes
https://oryx-embedded.com/download/#changelog
Release Notes
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002
Third Party Advisory
https://roumenpetrov.info/secsh/#news20231220
Release Notes
https://security-tracker.debian.org/tracker/CVE-2023-48795
Vendor Advisory
https://security-tracker.debian.org/tracker/source-package/libssh2
Vendor Advisory
https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg
Vendor Advisory
https://security-tracker.debian.org/tracker/source-package/trilead-ssh2
Issue Tracking
https://security.gentoo.org/glsa/202312-16
Third Party Advisory
https://security.gentoo.org/glsa/202312-17
Third Party Advisory
https://security.netapp.com/advisory/ntap-20240105-0004/
Third Party Advisory
https://thorntech.com/cve-2023-48795-and-sftp-gateway/
Third Party Advisory
https://twitter.com/TrueSkrillor/status/1736774389725565005
Press/Media Coverage
https://ubuntu.com/security/CVE-2023-48795
Vendor Advisory
https://winscp.net/eng/docs/history#6.2.2
Release Notes
https://www.bitvise.com/ssh-client-version-history#933
Release Notes
https://www.bitvise.com/ssh-server-version-history
Release Notes
https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update
Release Notes
https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc
Release Notes
https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508
Vendor Advisory
https://www.openssh.com/openbsd.html
Release Notes
https://www.openssh.com/txt/release-9.6
Release Notes
https://www.openwall.com/lists/oss-security/2023/12/18/2
Mailing List
https://www.openwall.com/lists/oss-security/2023/12/20/3
Mailing List
Mitigation
https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/
Issue Tracking
https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/
Press/Media Coverage
https://www.theregister.com/2023/12/20/terrapin_attack_ssh
Press/Media Coverage
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/
https://cert-portal.siemens.com/productcert/html/ssa-915275.html
https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit
Third Party Advisory
Exploit
https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability
Third Party Advisory
Exploit
https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html
https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html
https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/
https://cert-portal.siemens.com/productcert/html/ssa-082556.html
https://cert-portal.siemens.com/productcert/html/ssa-794697.html
https://cert-portal.siemens.com/productcert/html/ssa-364175.html