CVE-2023-1667 — NULL Pointer Dereference in Libssh

CWE-476 — NULL Pointer Dereference CWE-20 — Improper Input Validation9 documents8 sources

Severity

6.5MEDIUMNVD

EPSS

1.1%

top 21.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libssh Debian Linux Fedoraproject Fedora +1 more

Timeline

PublishedMay 26

Latest updateSep 21

Description

A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶Debianlibssh/libssh< 0.9.7-0+deb11u1+3

▶Ubuntulibssh/libssh< 0.9.3-2ubuntu2.3+1

▶NVDlibssh/libssh0.9.1 — 0.9.6+1

▶CVEListV5libssh/libsshlibssh-2

Also affects: Debian Linux 10.0, Fedora 37, Enterprise Linux 8.0, 9.0

🔴Vulnerability Details

GHSA

Denial of Service issue in quinn-proto↗2023-09-21

▶

OSV

libssh vulnerabilities↗2023-06-05

▶

OSV

CVE-2023-1667: A NULL pointer dereference was found In libssh during re-keying with algorithm guessing↗2023-05-26

▶

GHSA

GHSA-fx73-x3p9-h2wf: A NULL pointer dereference was found In libssh during re-keying with algorithm guessing↗2023-05-26

▶

CVEList

CVE-2023-1667: A NULL pointer dereference was found In libssh during re-keying with algorithm guessing↗2023-05-26

▶

📋Vendor Advisories

Ubuntu

libssh vulnerabilities↗2023-06-05

▶

Red Hat

libssh: NULL pointer dereference during rekeying with algorithm guessing↗2023-04-30

▶

Debian

CVE-2023-1667: libssh - A NULL pointer dereference was found In libssh during re-keying with algorithm g...↗2023

▶