libssh.so is vulnerable to Authorization Bypass. The vulnerability exists in pki_crypto.c because pki_verify_data_signature can accept invalid signatures when some memory allocations fail.
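A simplified illustration of how a verification routine can accept an invalid signature when an allocation fails, next to a fail-closed form. This is an added example, not libssh code: every name here (verify_fail_open, verify_fail_closed, ctx_new, check_compat, crypto_verify, set_alloc_failure) is hypothetical, and the allocation failure is simulated with a flag.

```c
#include <stdlib.h>
#include <string.h>

#define V_OK     0
#define V_ERROR -1

/* Constructed stand-ins; alloc_fails simulates malloc() returning NULL. */
static int alloc_fails = 0;
void set_alloc_failure(int on) { alloc_fails = on; }
static void *ctx_new(void) { return alloc_fails ? NULL : malloc(16); }
static int check_compat(void) { return V_OK; }  /* pre-check that passes */
static int crypto_verify(const char *sig)       /* only "good" is valid  */
{
    return strcmp(sig, "good") == 0 ? V_OK : V_ERROR;
}

/* Fail-open: rc is reused for the pre-check, so it already holds V_OK
 * when the allocation fails and the function jumps to the exit path. */
int verify_fail_open(const char *sig)
{
    int rc = V_ERROR;
    void *ctx = NULL;

    rc = check_compat();
    if (rc != V_OK) goto out;
    ctx = ctx_new();
    if (ctx == NULL) goto out;      /* returns the stale V_OK */
    rc = crypto_verify(sig);
out:
    free(ctx);
    return rc;
}

/* Fail-closed: rc stays V_ERROR until the cryptographic check itself
 * succeeds, so every early exit rejects the signature. */
int verify_fail_closed(const char *sig)
{
    int rc = V_ERROR;
    void *ctx = NULL;

    if (check_compat() != V_OK) goto out;
    ctx = ctx_new();
    if (ctx == NULL) goto out;      /* rc is still V_ERROR */
    if (crypto_verify(sig) == V_OK) rc = V_OK;
out:
    free(ctx);
    return rc;
}
```

When reviewing verification code, check that the success value is assigned in exactly one place, directly after the cryptographic check passes.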
packetstormsecurity.com/files/172861/libssh-0.9.6-0.10.4-pki_verify_data_signature-Authorization-Bypass.html
access.redhat.com/security/cve/CVE-2023-2283
bugzilla.redhat.com/show_bug.cgi?id=2189736
bugzilla.suse.com/show_bug.cgi?id=1211190
git.libssh.org/projects/libssh.git/commit/?id=0bda152ad24d96d6bef07d1f96152b473298ddb1
git.libssh.org/projects/libssh.git/commit/?id=4b5ccd4995e096151ec7cdd181e20ee62366d64f
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27PD44ALQTZXX7K6JAM3BXBUHYA6DFFN/
security.gentoo.org/glsa/202312-05
security.netapp.com/advisory/ntap-20240201-0005/
www.libssh.org/2023/05/04/libssh-0-10-5-and-libssh-0-9-7-security-releases/
www.libssh.org/security/advisories/CVE-2023-2283.txt