Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2023-2283

Date: May 25, 2023

A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the"pki_verify_data_signature" function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value "rc," which is initialized to SSH_ERROR and later rewritten to save the return value of the function call "pki_key_check_hash_compatible." The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls "goto error" returning SSH_OK.

Language: C

Severity Score

Related Resources (11)

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27PD44ALQTZXX7K6JAM3BXBUHYA6DFFN/
https://bugzilla.redhat.com/show_bug.cgi?id=2189736
https://nvd.nist.gov/vuln/detail/CVE-2023-2283
https://security.gentoo.org/glsa/202312-05
https://security.netapp.com/advisory/ntap-20240201-0005/
http://packetstormsecurity.com/files/172861/libssh-0.9.6-0.10.4-pki_verify_data_signature-Authorization-Bypass.html
https://www.libssh.org/security/advisories/CVE-2023-2283.txt
https://security-tracker.debian.org/tracker/CVE-2023-2283
https://access.redhat.com/security/cve/CVE-2023-2283
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27PD44ALQTZXX7K6JAM3BXBUHYA6DFFN/
https://www.mend.io/vulnerability-database/CVE-2023-2283

Severity Score

Weakness Type (CWE)

Improper Authentication

CWE-287

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): NONE

Do you need more information?

Contact Us