{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6918", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-12-18T11:40:15.080Z", "datePublished": "2023-12-18T23:27:48.540Z", "dateUpdated": "2024-09-16T17:53:33.499Z"}, "containers": {"cna": {"title": "Libssh: missing checks for return values for digests", "metrics": [{"other": {"content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh", "defaultStatus": "affected", "versions": [{"version": "0:0.9.6-14.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/o:redhat:enterprise_linux:8::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh", "defaultStatus": "affected", "versions": [{"version": "0:0.9.6-14.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/o:redhat:enterprise_linux:8::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh", "defaultStatus": "affected", "versions": [{"version": "0:0.10.4-13.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh", "defaultStatus": "affected", "versions": [{"version": "0:0.10.4-13.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh2", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh2", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:2504", "name": "RHSA-2024:2504", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3233", "name": "RHSA-2024:3233", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-6918", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254997", "name": "RHBZ#2254997", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/"}, {"url": "https://www.libssh.org/security/advisories/CVE-2023-6918.txt"}], "datePublic": "2023-12-18T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-252", "description": "Unchecked Return Value", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-252: Unchecked Return Value", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "timeline": [{"lang": "en", "time": "2023-12-18T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-12-18T00:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Jack Weinstein (<mike.code.bb.h@gmail.com>) for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-09-16T17:53:33.499Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:42:08.414Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:2504", "name": "RHSA-2024:2504", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3233", "name": "RHSA-2024:3233", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-6918", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254997", "name": "RHBZ#2254997", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/", "tags": ["x_transferred"]}, {"url": "https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/", "tags": ["x_transferred"]}, {"url": "https://www.libssh.org/security/advisories/CVE-2023-6918.txt", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*", "matchCriteriaId": "4836788D-9936-404F-B0A8-DDDAC3969F20", "versionEndExcluding": "0.9.8", "versionStartIncluding": "0.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCB546AC-788C-422E-B6BD-756BF39BD0F5", "versionEndExcluding": "0.10.6", "versionStartIncluding": "0.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en la capa abstracta de implementaci\u00f3n de libssh para operaciones de resumen de mensajes (MD) implementadas por diferentes backends criptogr\u00e1ficos compatibles. Los valores de retorno de estos no se verificaron correctamente, lo que podr\u00eda causar fallas en situaciones de poca memoria, desreferencias NULL, fallas o uso de la memoria no inicializada como entrada para el KDF. En este caso, las claves que no coinciden resultar\u00e1n en fallas de descifrado/integridad, lo que terminar\u00e1 la conexi\u00f3n."}], "id": "CVE-2023-6918", "lastModified": "2024-09-16T18:15:53.620", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2023-12-19T00:15:08.460", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:2504"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:3233"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-6918"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254997"}, {"source": "secalert@redhat.com", "tags": ["Release Notes"], "url": "https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://www.libssh.org/security/advisories/CVE-2023-6918.txt"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-252"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-252"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Jack Weinstein (<mike.code.bb.h@gmail.com>) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2024:3233", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "libssh-0:0.9.6-14.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-05-22T00:00:00Z"}, {"advisory": "RHSA-2024:3233", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "libssh-0:0.9.6-14.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-05-22T00:00:00Z"}, {"advisory": "RHSA-2024:2504", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "libssh-0:0.10.4-13.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-04-30T00:00:00Z"}, {"advisory": "RHSA-2024:2504", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "libssh-0:0.10.4-13.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-04-30T00:00:00Z"}], "bugzilla": {"description": "libssh: Missing checks for return values for digests", "id": "2254997", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254997"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.7", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "verified"}, "cwe": "CWE-252", "details": ["A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.", "A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-6918", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libssh2", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "libssh", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "libssh2", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2023-12-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-6918\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6918\nhttps://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/\nhttps://www.libssh.org/security/advisories/CVE-2023-6918.txt"], "statement": "This vulnerability in the libssh abstract layer for message digest operations is deemed to have a low impact due to several mitigating factors. Primarily, the absence of proper checks on return values from supported crypto backends may lead to low-memory situations, failures, NULL dereferences, crashes, or the utilization of uninitialized memory in the Key Derivation Function (KDF). While these potential consequences could disrupt the system, their likelihood is considered low, contributing to the low impact classification.\nThe maintainers of libssh, in conjunction with Red Hat, have assigned a CVSS3.1 score of 3.7 to this vulnerability. While the score acknowledges the existence of a vulnerability, the assigned value falls within the lower range of the scale, indicating a relatively modest level of risk.\nMoreover, the practical exploitability of this vulnerability is characterized as theoretical and highly unlikely to yield tangible results. The difficulty in successfully exploiting the flaw adds a layer of security, further diminishing the potential impact. While acknowledging the risk of non-matching keys leading to decryption/integrity failures and connection termination, the combination of the low likelihood of exploitation and the relatively lower severity score results in an overall assessment of low impact.", "threat_severity": "Low", "upstream_fix": "libssh 0.9.8, libssh 0.10.6"}