Libssh: missing checks for return values for digests
CVE-2023-6918

3.7LOW

Key Information:

Vendor

Red Hat
Status
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Vendor
CVE Published:
19 December 2023

What is CVE-2023-6918?

A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Red Hat Enterprise Linux 8 0:0.9.6-14.el8

Red Hat Enterprise Linux 8 0:0.9.6-14.el8

Red Hat Enterprise Linux 9 0:0.10.4-13.el9

References

https://access.redhat.com/errata/RHSA-2024:2504
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:3233
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-6918
vdb-entryx_refsource_REDHAT

CVSS V3.1

Score:
3.7
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank Jack Weinstein (<mike.code.bb.h@gmail.com>) for reporting this issue.
JSON
.