CVE-2023-6918
Libssh: missing checks for return values for digests
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.
Se encontró un fallo en la capa abstracta de implementación de libssh para operaciones de resumen de mensajes (MD) implementadas por diferentes backends criptográficos compatibles. Los valores de retorno de estos no se verificaron correctamente, lo que podría causar fallas en situaciones de poca memoria, desreferencias NULL, fallas o uso de la memoria no inicializada como entrada para el KDF. En este caso, las claves que no coinciden resultarán en fallas de descifrado/integridad, lo que terminará la conexión.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-12-18 CVE Reserved
- 2023-12-18 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-252: Unchecked Return Value
CAPEC
References (8)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Libssh Search vendor "Libssh" | Libssh Search vendor "Libssh" for product "Libssh" | >= 0.9.0 < 0.9.8 Search vendor "Libssh" for product "Libssh" and version " >= 0.9.0 < 0.9.8" | - |
Affected
| ||||||
Libssh Search vendor "Libssh" | Libssh Search vendor "Libssh" for product "Libssh" | >= 0.10.0 < 0.10.6 Search vendor "Libssh" for product "Libssh" and version " >= 0.10.0 < 0.10.6" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 38 Search vendor "Fedoraproject" for product "Fedora" and version "38" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 39 Search vendor "Fedoraproject" for product "Fedora" and version "39" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 9.0 Search vendor "Redhat" for product "Enterprise Linux" and version "9.0" | - |
Affected
|