CVE-2023-2283
published 2023-05-26CVE-2023-2283: A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in…
medium6.5CVSS 3.1
AVNACLPRNUINSUCLILAN
A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc,` which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible.` The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls `goto error` returning SSH_OK.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libssh | < libssh 0.10.5-1 (bookworm) | libssh 0.10.5-1 (bookworm) |
| fedoraproject | fedora | — | — |
| libssh | libssh | — | — |
| libssh | libssh | >= 0 < 0.9.7-0+deb11u1 | 0.9.7-0+deb11u1 |
| libssh | libssh | >= 0 < 0.10.5-1 | 0.10.5-1 |
| libssh | libssh | >= 0 < 0.10.5-1 | 0.10.5-1 |
| libssh | libssh | >= 0 < 0.10.5-1 | 0.10.5-1 |
| libssh | libssh | >= 0 < 0.9.3-2ubuntu2.3 | 0.9.3-2ubuntu2.3 |
| libssh | libssh | >= 0 < 0.9.6-2ubuntu0.22.04.1 | 0.9.6-2ubuntu0.22.04.1 |
| libssh | libssh | 0.10.0 – 0.10.4 | — |
| libssh | libssh | 0.9.1 – 0.9.6 | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
osv6.5MEDIUM