Impact
AsyncSSH, a Python SSH library, has a flaw where the SCP client does not enforce directory boundaries. A malicious SSH server can send filenames with traversal sequences (../) that the client accepts verbatim and joins to a destination path. This allows the client to write arbitrary files anywhere on its filesystem, potentially overwriting critical files or inserting malicious payloads. The weakness is identified as a path traversal vulnerability (CWE-22) and could compromise confidentiality, integrity, or availability.
Affected Systems
The product affected is AsyncSSH by ronf. All releases prior to 2.23.1 are vulnerable. The issue is fixed in version 2.23.1 and later. Any application or service that uses an older AsyncSSH release is impacted.
Risk and Exploitability
The CVSS score is 8.1, indicating high severity. The EPSS score is not available and the flaw is not listed in the CISA KEV catalog. The attack vector is remote: an attacker controlling an SSH server can send a malicious SCP request to a vulnerable client, enabling arbitrary file writes without needing local access. Once exploited, the attacker can compromise or disrupt the client system.
OpenCVE Enrichment