The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.
References
Link Providers
http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html cve-icon cve-icon
http://seclists.org/fulldisclosure/2024/Mar/21 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2023/12/18/3 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2023/12/19/5 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2023/12/20/3 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2024/03/06/3 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2024/04/17/8 cve-icon cve-icon
https://access.redhat.com/security/cve/cve-2023-48795 cve-icon cve-icon
https://access.redhat.com/solutions/7071748 cve-icon
https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/ cve-icon cve-icon
https://bugs.gentoo.org/920280 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2254210 cve-icon cve-icon
https://bugzilla.suse.com/show_bug.cgi?id=1217950 cve-icon cve-icon
https://crates.io/crates/thrussh/versions cve-icon cve-icon
https://filezilla-project.org/versions.php cve-icon cve-icon
https://forum.netgate.com/topic/184941/terrapin-ssh-attack cve-icon cve-icon
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6 cve-icon cve-icon
https://github.com/NixOS/nixpkgs/pull/275249 cve-icon cve-icon
https://github.com/PowerShell/Win32-OpenSSH/issues/2189 cve-icon cve-icon
https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta cve-icon cve-icon
https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0 cve-icon cve-icon
https://github.com/TeraTermProject/teraterm/releases/tag/v5.1 cve-icon cve-icon
https://github.com/advisories/GHSA-45x7-px36-x8w8 cve-icon cve-icon
https://github.com/apache/mina-sshd/issues/445 cve-icon cve-icon
https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab cve-icon cve-icon
https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22 cve-icon cve-icon
https://github.com/cyd01/KiTTY/issues/520 cve-icon cve-icon
https://github.com/drakkan/sftpgo/releases/tag/v2.5.6 cve-icon cve-icon
https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42 cve-icon cve-icon
https://github.com/erlang/otp/releases/tag/OTP-26.2.1 cve-icon cve-icon
https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d cve-icon cve-icon
https://github.com/hierynomus/sshj/issues/916 cve-icon cve-icon
https://github.com/janmojzis/tinyssh/issues/81 cve-icon cve-icon
https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5 cve-icon cve-icon
https://github.com/libssh2/libssh2/pull/1291 cve-icon cve-icon
https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25 cve-icon cve-icon
https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3 cve-icon cve-icon
https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15 cve-icon cve-icon
https://github.com/mwiede/jsch/issues/457 cve-icon cve-icon
https://github.com/mwiede/jsch/pull/461 cve-icon cve-icon
https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16 cve-icon cve-icon
https://github.com/openssh/openssh-portable/commits/master cve-icon cve-icon
https://github.com/paramiko/paramiko/issues/2337 cve-icon cve-icon
https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES cve-icon cve-icon
https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES cve-icon cve-icon
https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES cve-icon cve-icon
https://github.com/proftpd/proftpd/issues/456 cve-icon cve-icon
https://github.com/rapier1/hpn-ssh/releases cve-icon cve-icon
https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst cve-icon cve-icon
https://github.com/ronf/asyncssh/tags cve-icon cve-icon
https://github.com/ssh-mitm/ssh-mitm/issues/165 cve-icon cve-icon
https://github.com/warp-tech/russh/releases/tag/v0.40.2 cve-icon cve-icon
https://gitlab.com/libssh/libssh-mirror/-/tags cve-icon cve-icon
https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ cve-icon cve-icon
https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg cve-icon cve-icon
https://help.panic.com/releasenotes/transmit5/ cve-icon cve-icon
https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/ cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/ cve-icon cve-icon
https://matt.ucc.asn.au/dropbear/CHANGES cve-icon cve-icon
https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC cve-icon cve-icon
https://news.ycombinator.com/item?id=38684904 cve-icon cve-icon
https://news.ycombinator.com/item?id=38685286 cve-icon cve-icon
https://news.ycombinator.com/item?id=38732005 cve-icon cve-icon
https://nova.app/releases/#v11.8 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-48795 cve-icon
https://oryx-embedded.com/download/#changelog cve-icon cve-icon
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002 cve-icon cve-icon
https://roumenpetrov.info/secsh/#news20231220 cve-icon cve-icon
https://security-tracker.debian.org/tracker/CVE-2023-48795 cve-icon cve-icon
https://security-tracker.debian.org/tracker/source-package/libssh2 cve-icon cve-icon
https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg cve-icon cve-icon
https://security-tracker.debian.org/tracker/source-package/trilead-ssh2 cve-icon cve-icon
https://security.gentoo.org/glsa/202312-16 cve-icon cve-icon
https://security.gentoo.org/glsa/202312-17 cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20240105-0004/ cve-icon cve-icon
https://support.apple.com/kb/HT214084 cve-icon cve-icon
https://terrapin-attack.com/ cve-icon
https://thorntech.com/cve-2023-48795-and-sftp-gateway/ cve-icon cve-icon
https://twitter.com/TrueSkrillor/status/1736774389725565005 cve-icon cve-icon
https://ubuntu.com/security/CVE-2023-48795 cve-icon cve-icon
https://winscp.net/eng/docs/history#6.2.2 cve-icon cve-icon
https://www.bitvise.com/ssh-client-version-history#933 cve-icon cve-icon
https://www.bitvise.com/ssh-server-version-history cve-icon cve-icon
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html cve-icon cve-icon
https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-48795 cve-icon
https://www.debian.org/security/2023/dsa-5586 cve-icon cve-icon
https://www.debian.org/security/2023/dsa-5588 cve-icon cve-icon
https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc cve-icon cve-icon
https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508 cve-icon cve-icon
https://www.netsarang.com/en/xshell-update-history/ cve-icon cve-icon
https://www.openssh.com/openbsd.html cve-icon cve-icon
https://www.openssh.com/txt/release-9.6 cve-icon cve-icon
https://www.openwall.com/lists/oss-security/2023/12/18/2 cve-icon cve-icon
https://www.openwall.com/lists/oss-security/2023/12/20/3 cve-icon cve-icon
https://www.paramiko.org/changelog.html cve-icon cve-icon
https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/ cve-icon cve-icon
https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/ cve-icon cve-icon
https://www.terrapin-attack.com cve-icon cve-icon
https://www.theregister.com/2023/12/20/terrapin_attack_ssh cve-icon cve-icon
https://www.vandyke.com/products/securecrt/history.txt cve-icon cve-icon
History

Wed, 02 Oct 2024 02:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.17::el9

Thu, 22 Aug 2024 06:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.14::el9

Mon, 19 Aug 2024 22:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.12::el8

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-12-18T00:00:00

Updated: 2024-08-02T21:46:27.255Z

Reserved: 2023-11-20T00:00:00

Link: CVE-2023-48795

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-12-18T16:15:10.897

Modified: 2024-05-01T18:15:10.657

Link: CVE-2023-48795

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-12-18T00:00:00Z

Links: CVE-2023-48795 - Bugzilla