Multiple vulnerabilities in libssh



Published: 2023-05-04
Risk: High
Patch available: YES
Number of vulnerabilities: 2
CVE-ID: CVE-2023-2283, CVE-2023-1667
CWE-ID: CWE-287, CWE-20
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: libssh (Universal components / Libraries / Libraries used by multiple products)
Vendor: libssh

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Improper Authentication

EUVDB-ID: #VU75740

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-2283

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists due to an error within the pki_verify_data_signature() function in pki_crypto.c. The pki_key_check_hash_compatible() function can return the SSH_OK value if a memory allocation error happens later in the function. The  A remote attacker can bypass the authentication process and gain unauthorized access to the system.
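
The failure mode described above, a verification routine whose status variable still holds a success code when a later memory allocation fails, is shown here next to a fail-closed version. This is an added illustration, not libssh code: every `demo_*` name, both `verify_*` functions and the `memcmp` comparison standing in for signature verification are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define DEMO_OK     0
#define DEMO_ERROR -1

/* Constructed test hook (assumption): nonzero makes allocation fail. */
static int demo_fail_alloc = 0;
static void *demo_alloc(size_t n) { return demo_fail_alloc ? NULL : malloc(n); }

/* Hypothetical stand-in for a key/hash compatibility check; always passes. */
static int demo_check_compatible(void) { return DEMO_OK; }

/* Fail-open. memcmp stands in for real signature verification (assumption). */
int verify_fail_open(const char *sig, const char *expected) {
    size_t n = strlen(expected);
    unsigned char *buf = NULL;
    int rc = demo_check_compatible();
    if (rc != DEMO_OK) return DEMO_ERROR;
    buf = demo_alloc(n + 1);
    if (buf == NULL) goto out;              /* rc == DEMO_OK: reported as verified */
    if (strlen(sig) != n) { rc = DEMO_ERROR; goto out; }
    memcpy(buf, sig, n);
    rc = (memcmp(buf, expected, n) == 0) ? DEMO_OK : DEMO_ERROR;
out:
    free(buf);
    return rc;
}

/* Fail-closed: rc starts as an error and only the verified path sets DEMO_OK. */
int verify_fail_closed(const char *sig, const char *expected) {
    size_t n = strlen(expected);
    unsigned char *buf = NULL;
    int rc = DEMO_ERROR;
    if (demo_check_compatible() != DEMO_OK) goto out;
    buf = demo_alloc(n + 1);
    if (buf == NULL) goto out;              /* allocation failure stays an error */
    if (strlen(sig) != n) goto out;
    memcpy(buf, sig, n);
    if (memcmp(buf, expected, n) == 0) rc = DEMO_OK;
out:
    free(buf);
    return rc;
}

int main(void) {
    demo_fail_alloc = 1;                    /* simulate memory exhaustion */
    printf("fail-open:   %d\n", verify_fail_open("forged", "constructed-sig"));
    printf("fail-closed: %d\n", verify_fail_closed("forged", "constructed-sig"));
    return 0;
}
```
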

Mitigation

Install updates from vendor's website.

Vulnerable software versions

libssh: 0.9.0 - 0.10.4

External links

http://git.libssh.org/projects/libssh.git/commit/?id=0bda152ad24d96d6bef07d1f96152b473298ddb1
http://git.libssh.org/projects/libssh.git/commit/?id=4b5ccd4995e096151ec7cdd181e20ee62366d64f


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU75741

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1667

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to multiple errors in the key exchange (kex) implementation, related to the kex guessing algorithm. A remote attacker can bypass implemented security restrictions.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

libssh: 0.9.0 - 0.10.4

External links

http://git.libssh.org/projects/libssh.git/commit/?id=4e8db9d44b73b2b2bd77172125f1bdb0b7b172f3
http://git.libssh.org/projects/libssh.git/commit/?id=8bb17c46a80aabe040758d0b80d830aa6f7f6f82
http://git.libssh.org/projects/libssh.git/commit/?id=08386d4787f8f532ae289b2a49211486a6af48a9
http://git.libssh.org/projects/libssh.git/commit/?id=8dbe055328ca8cd33d798d647ed423ae8cba0b90
http://git.libssh.org/projects/libssh.git/commit/?id=cd0aa0bd913a7f446b94ff14c5e72edcea53581f
http://git.libssh.org/projects/libssh.git/commit/?id=f455ffe8b84df145a28eedb53dd3d72f3171e490
http://git.libssh.org/projects/libssh.git/commit/?id=1c85acb6e6340588d298f2eba4df983a04dc44c5
http://git.libssh.org/projects/libssh.git/commit/?id=4fb6bccf22ed9c1b74ba89ba53c281762acfa1ec
http://git.libssh.org/projects/libssh.git/commit/?id=fa902a37aefbe2215654c3f902ee6add1ece0200
http://git.libssh.org/projects/libssh.git/commit/?id=df350d3aa4c3fce565762746a4432d776faaeadc
http://git.libssh.org/projects/libssh.git/commit/?id=3981aeede2e2c07bb947ccbe8d44edcb1498fc3d


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


