CVE-2023-2283
Published: 9 May 2023
A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc,` which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible.` The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls `goto error` returning SSH_OK.
Priority
Status
Package | Release | Status |
---|---|---|
libssh Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
focal |
Released
(0.9.3-2ubuntu2.3)
|
|
jammy |
Released
(0.9.6-2ubuntu0.22.04.1)
|
|
kinetic |
Released
(0.9.6-2ubuntu0.22.10.1)
|
|
lunar |
Released
(0.10.4-2ubuntu0.1)
|
|
mantic |
Released
(0.10.5-2)
|
|
trusty |
Ignored
(end of standard support)
|
|
upstream |
Released
(0.10.5)
|
|
xenial |
Not vulnerable
(code not present)
|
|
Patches: upstream: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=e8dfbb85a28514e1f869dac3000c6cec6cb8d08d upstream: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=c68a58575b6d0520e342cb3d3796a8fecd66405d upstream: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.9&id=05de7cb6ac713dd0b7c10039e3bdbd246f3392aa upstream: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.9&id=b3d19cc31d5c4b7bfa7f7e2f1e852732dd0e9be4 |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | Low |
Integrity impact | Low |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |