lxd vulnerability

2024-04-2209:47:43

Google

osv.dev

lxd

vulnerability

ssh

binary packet protocol

fabian bäumer

marcus brinkmann

jörg schwenk

handshake

sequence numbers

remote attacker

integrity checks

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

Confidence

High

EPSS

0.965

Percentile

99.6%

JSON

Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that LXD
incorrectly handled the handshake phase and the use of sequence numbers in SSH
Binary Packet Protocol (BPP). If a user or an automated system were tricked
into opening a specially crafted input file, a remote attacker could possibly
use this issue to bypass integrity checks.