5.3

CVE-2023-6918

EPSS 0.36%
Published 19.12.2023 00:15:08
Last modified 15.02.2025 01:15:09
Source secalert@redhat.com
Teams watchlist Login
Open Login

A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.

Affected products Warnungen 0 Metrics 3 CWE 1 References 12

Data is provided by the National Vulnerability Database (NVD)

Libssh ≫ Libssh Version >= 0.9.0 < 0.9.8

Libssh ≫ Libssh Version >= 0.10.0 < 0.10.6

Fedoraproject ≫ Fedora Version38

Fedoraproject ≫ Fedora Version39

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Version9.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.36%	0.576

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
secalert@redhat.com	3.7	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-252 Unchecked Return Value

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

https://access.redhat.com/errata/RHSA-2024:2504

https://access.redhat.com/errata/RHSA-2024:3233

https://access.redhat.com/security/cve/CVE-2023-6918

Vendor Advisory

Mailing List

https://bugzilla.redhat.com/show_bug.cgi?id=2254997

Third Party Advisory

Issue Tracking

https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/

Release Notes

https://www.libssh.org/security/advisories/CVE-2023-6918.txt

Vendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/

https://security.netapp.com/advisory/ntap-20250214-0009/

https://nvd.nist.gov/vuln/detail/CVE-2023-6918

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-6918

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-6918

EUVD