Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2023-46445

Good to know:

icon
icon

Date: November 13, 2023

An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Extension Negotiation."

Language: Python

Severity Score

Related Resources (15)

https://www.terrapin-attack.com
https://github.com/advisories/GHSA-cfc2-wr2v-gxm5
https://security.netapp.com/advisory/ntap-20231222-0001
https://github.com/ronf/asyncssh/security/advisories/GHSA-cfc2-wr2v-gxm5
https://security.netapp.com/advisory/ntap-20231222-0001/
https://security-tracker.debian.org/tracker/CVE-2023-46445
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE
https://github.com/ronf/asyncssh/commit/83e43f5ea3470a8617fc388c72b062c7136efd7e
https://github.com/ronf/asyncssh
https://nvd.nist.gov/vuln/detail/CVE-2023-46445
https://github.com/pypa/advisory-database/tree/main/vulns/asyncssh/PYSEC-2023-237.yaml
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE/
http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
https://www.mend.io/vulnerability-database/CVE-2023-46445

Severity Score

Weakness Type (CWE)

Insufficient Verification of Data Authenticity

CWE-345

Acceptance of Extraneous Untrusted Data With Trusted Data

CWE-349

Improper Validation of Integrity Check Value

CWE-354

Top Fix

icon

Upgrade Version

Upgrade to version asyncssh - 2.14.1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): HIGH
Availability (A): NONE

Do you need more information?

Contact Us