Input validation error in libssh - CVE-2023-1667
Published: May 4, 2023
Vulnerability identifier: #VU75741
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-1667
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: libssh
Affected software:
libssh
libssh
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to multiple errors in kex implementation, related to kex guessing algorithm. A remote attacker can bypass implemented security restrictions.
How to mitigate CVE-2023-1667
Install updates from vendor's website.
Sources
- https://git.libssh.org/projects/libssh.git/commit/?id=4e8db9d44b73b2b2bd77172125f1bdb0b7b172f3
- https://git.libssh.org/projects/libssh.git/commit/?id=8bb17c46a80aabe040758d0b80d830aa6f7f6f82
- https://git.libssh.org/projects/libssh.git/commit/?id=08386d4787f8f532ae289b2a49211486a6af48a9
- https://git.libssh.org/projects/libssh.git/commit/?id=8dbe055328ca8cd33d798d647ed423ae8cba0b90
- https://git.libssh.org/projects/libssh.git/commit/?id=cd0aa0bd913a7f446b94ff14c5e72edcea53581f
- https://git.libssh.org/projects/libssh.git/commit/?id=f455ffe8b84df145a28eedb53dd3d72f3171e490
- https://git.libssh.org/projects/libssh.git/commit/?id=1c85acb6e6340588d298f2eba4df983a04dc44c5
- https://git.libssh.org/projects/libssh.git/commit/?id=4fb6bccf22ed9c1b74ba89ba53c281762acfa1ec
- https://git.libssh.org/projects/libssh.git/commit/?id=fa902a37aefbe2215654c3f902ee6add1ece0200
- https://git.libssh.org/projects/libssh.git/commit/?id=df350d3aa4c3fce565762746a4432d776faaeadc
- https://git.libssh.org/projects/libssh.git/commit/?id=3981aeede2e2c07bb947ccbe8d44edcb1498fc3d