CVE-2023-3603NULL Pointer Dereference in Libssh

CWE-476NULL Pointer DereferenceCWE-770Allocation of Resources Without Limits or Throttling4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 69.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LibsshDebian Libssh
Timeline
PublishedJul 21

Description

A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. The malicious client can request up to 4GB SFTP reads, causing allocation of up to 4GB buffers, which was not being checked for failure. This will likely crash the authenticated user's sftp server connection (if implemented as forking as recommended). For thread-based servers, this might also cause DoS for legitimate users. Given this code is not in any released versions, no

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDlibssh/libssh< 0.8.9
debiandebian/libssh

🔴Vulnerability Details

1
GHSA
GHSA-2c4f-vgwr-82q6: A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions2023-07-21

📋Vendor Advisories

2
Red Hat
libssh: Processing SFTP server read may cause NULL dereference2023-07-10
Debian
CVE-2023-3603: libssh - A missing allocation check in sftp server processing read requests may cause a N...2023
CVE-2023-3603 — NULL Pointer Dereference in Libssh | cvebase