CVE-2023-2283
Published: 9 May 2023
A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc,` which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible.` The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls `goto error` returning SSH_OK.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
libssh Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
| focal |
Released
(0.9.3-2ubuntu2.3)
|
|
| jammy |
Released
(0.9.6-2ubuntu0.22.04.1)
|
|
| kinetic |
Released
(0.9.6-2ubuntu0.22.10.1)
|
|
| lunar |
Released
(0.10.4-2ubuntu0.1)
|
|
| mantic |
Released
(0.10.5-2)
|
|
| trusty |
Ignored
(end of standard support)
|
|
| upstream |
Released
(0.10.5)
|
|
| xenial |
Not vulnerable
(code not present)
|
|
|
Patches: upstream: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=e8dfbb85a28514e1f869dac3000c6cec6cb8d08d upstream: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=c68a58575b6d0520e342cb3d3796a8fecd66405d upstream: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.9&id=05de7cb6ac713dd0b7c10039e3bdbd246f3392aa upstream: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.9&id=b3d19cc31d5c4b7bfa7f7e2f1e852732dd0e9be4 |
||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 6.5 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity impact | Low |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |