NULL Pointer Dereference in Libssh During Re-Keying Process Impacting Multiple Vendors
CVE-2023-1667

6.5MEDIUM

Key Information:

Vendor: Libssh
Status: libssh
Vendor: CVE Published:; 26 May 2023

What is CVE-2023-1667?

A NULL pointer dereference vulnerability has been identified in libssh that could be exploited during the re-keying process through algorithm guessing. This flaw allows an authenticated client to potentially trigger a denial of service, disrupting service availability. It is crucial for system administrators using affected versions to implement updates and mitigate potential risks associated with this vulnerability.

Affected Version(s)

libssh libssh-2

References

https://access.redhat.com/security/cve/CVE-2023-1667

https://bugzilla.redhat.com/show_bug.cgi?id=2182199

http://www.libssh.org/security/advisories/CVE-2023-1667.txt

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 26, 2023
Vulnerability Reserved
Mar 27, 2023

JSON