CVE-2013-4548 — Openssh vulnerability

CWE-2649 documents9 sources

Severity

6.0MEDIUMNVD

EPSS

0.3%

top 46.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openbsd Openssh

Timeline

PublishedNov 8

Latest updateMay 13

Description

The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages2 packages

▶Debianopenbsd/openssh< 1:6.4p1-1+3

▶NVDopenbsd/openssh6.2, 6.3+1

🔴Vulnerability Details

GHSA

GHSA-wg6r-5vgg-89fv: The mm_newkeys_from_blob function in monitor_wrap↗2022-05-13

▶

OSV

CVE-2013-4548: The mm_newkeys_from_blob function in monitor_wrap↗2013-11-08

▶

CVEList

CVE-2013-4548: The mm_newkeys_from_blob function in monitor_wrap↗2013-11-08

▶

📋Vendor Advisories

BSD

FreeBSD-SA-13:14.openssh: OpenSSH AES-GCM memory corruption vulnerability↗2013-11-19

▶

Ubuntu

OpenSSH vulnerability↗2013-11-08

▶

Red Hat

openssh: post-auth memory corruption when using AES-GCM cipher↗2013-11-07

▶

Debian

CVE-2013-4548: openssh - The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6...↗2013

▶

💬Community

Bugzilla

CVE-2013-4548 openssh: post-auth memory corruption when using AES-GCM cipher↗2013-11-08

▶