CVE-2023-1667

2023-05-2618:15:10

CWE-476

[email protected]

web.nvd.nist.gov

libssh

re-keying

denial of service

authenticated client

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

46.2%

JSON

A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.

Affected configurations

Nvd

Node

libsshlibsshRange0.9.1–0.9.6

libsshlibsshRange0.10.0–0.10.4

Node

fedoraprojectfedoraMatch37

Node

debiandebian_linuxMatch10.0

Node

redhatenterprise_linuxMatch8.0

redhatenterprise_linuxMatch9.0

VendorProductVersionCPE
libsshlibssh*cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*
fedoraprojectfedora37cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
debiandebian_linux10.0cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
redhatenterprise_linux8.0cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
redhatenterprise_linux9.0cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
libssh	libssh	*	cpe:2.3:a:libssh:libssh::::::::
fedoraproject	fedora	37	cpe:2.3:o:fedoraproject:fedora:37:::::::*
debian	debian_linux	10.0	cpe:2.3:o:debian:debian_linux:10.0:::::::*
redhat	enterprise_linux	8.0	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
redhat	enterprise_linux	9.0	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*