CVE-2023-46445

CWE-345 CWE-354 CWE-34912 documents7 sources

Severity

5.9MEDIUM

EPSS

0.5%

top 34.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Asyncssh Project Asyncssh

Timeline

PublishedNov 14

Latest updateDec 12

Description

An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Extension Negotiation."

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages4 packages

▶PyPIasyncssh< 2.14.1

▶NVDasyncssh_project/asyncssh< 2.14.1

▶Debianpython-asyncssh< 2.5.0-0.1+deb11u1+3

▶Ubuntupython-asyncssh< 1.12.2-1ubuntu0.2+3

🔴Vulnerability Details

OSV

python-asyncssh vulnerabilities↗2024-12-12

▶

OSV

python-asyncssh vulnerabilities↗2024-11-18

▶

CVEList

CVE-2023-46445: An issue in AsyncSSH before 2↗2023-11-14

▶

OSV

CVE-2023-46445: An issue in AsyncSSH v2↗2023-11-14

▶

OSV

CVE-2023-46445: An issue in AsyncSSH before 2↗2023-11-14

▶

📋Vendor Advisories

Ubuntu

AsyncSSH vulnerabilities↗2024-12-12

▶

Ubuntu

AsyncSSH vulnerabilities↗2024-11-18

▶

Red Hat

python-asyncssh: Rogue Extension Negotiation↗2023-11-13

▶

Debian

CVE-2023-46445: python-asyncssh - An issue in AsyncSSH before 2.14.1 allows attackers to control the extension inf...↗2023

▶