2023-12-18 17:00:28 +00:00
{
"id" : "CVE-2023-48795" ,
"sourceIdentifier" : "cve@mitre.org" ,
"published" : "2023-12-18T16:15:10.897" ,
2024-04-25 23:58:20 +00:00
"lastModified" : "2024-04-25T22:15:08.130" ,
2024-04-21 02:03:21 +00:00
"vulnStatus" : "Undergoing Analysis" ,
2023-12-18 17:00:28 +00:00
"descriptions" : [
{
"lang" : "en" ,
2023-12-24 19:00:28 +00:00
"value" : "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust."
2023-12-19 21:00:28 +00:00
} ,
{
"lang" : "es" ,
"value" : "El protocolo de transporte SSH con ciertas extensiones OpenSSH, que se encuentra en OpenSSH anterior a 9.6 y otros productos, permite a atacantes remotos eludir las comprobaciones de integridad de modo que algunos paquetes se omiten (del mensaje de negociaci\u00f3n de extensi\u00f3n) y, en consecuencia, un cliente y un servidor pueden terminar con una conexi\u00f3n para la cual algunas caracter\u00edsticas de seguridad han sido degradadas o deshabilitadas, tambi\u00e9n conocido como un ataque Terrapin. Esto ocurre porque SSH Binary Packet Protocol (BPP), implementado por estas extensiones, maneja mal la fase de protocolo de enlace y el uso de n\u00fameros de secuencia. Por ejemplo, existe un ataque eficaz contra ChaCha20-Poly1305 (y CBC con Encrypt-then-MAC). La omisi\u00f3n se produce en chacha20-poly1305@openssh.com y (si se utiliza CBC) en los algoritmos MAC -etm@openssh.com. Esto tambi\u00e9n afecta a Maverick Synergy Java SSH API anterior a 3.1.0-SNAPSHOT, Dropbear hasta 2022.83, Ssh anterior a 5.1.1 en Erlang/OTP, PuTTY anterior a 0.80 y AsyncSSH anterior a 2.14.2; y podr\u00eda haber efectos en Bitvise SSH hasta la versi\u00f3n 9.31, libssh hasta la 0.10.5 y golang.org/x/crypto hasta el 17 de diciembre de 2023."
2023-12-18 17:00:28 +00:00
}
] ,
2023-12-28 19:00:28 +00:00
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "HIGH" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "NONE" ,
"baseScore" : 5.9 ,
"baseSeverity" : "MEDIUM"
} ,
"exploitabilityScore" : 2.2 ,
"impactScore" : 3.6
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-354"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "9.6" ,
"matchCriteriaId" : "5308FBBB-F738-41C5-97A4-E40118E957CD"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:putty:putty:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "0.80" ,
"matchCriteriaId" : "A9D807DB-9E20-4792-8A9F-4BFFC841BAB7"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:filezilla-project:filezilla_client:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "3.66.4" ,
"matchCriteriaId" : "42915485-A4DA-48DD-9C15-415D2D39DC52"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*" ,
"versionEndIncluding" : "11.1.0" ,
"matchCriteriaId" : "9F37C9AC-185F-403A-A79B-2D5C8E11AFC4"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:panic:transmit_5:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "5.10.4" ,
"matchCriteriaId" : "31FFE0AA-FC25-40DE-8EE9-7F4C80ABDE4F"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "387021A0-AF36-463C-A605-32EA7DAC172E"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:panic:nova:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "11.8" ,
"matchCriteriaId" : "F2FCF7EF-97D7-44CF-AC74-72D856901755"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "387021A0-AF36-463C-A605-32EA7DAC172E"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:roumenpetrov:pkixssh:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "14.4" ,
"matchCriteriaId" : "53CAD263-1C60-43BD-86A2-C8DB15FFB4C6"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "6.2.2" ,
"matchCriteriaId" : "8FA57F20-C9C1-40A7-B2CD-F3440CCF1D66"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:bitvise:ssh_client:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "9.33" ,
"matchCriteriaId" : "6209E375-10C7-4E65-A2E7-455A686717AC"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:bitvise:ssh_server:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "9.32" ,
"matchCriteriaId" : "1A05CC3C-19C5-4BAA-ABA2-EE1795E0BE81"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:lancom-systems:lcos:*:*:*:*:*:*:*:*" ,
"versionEndIncluding" : "3.66.4" ,
"matchCriteriaId" : "3A71B523-0778-46C6-A38B-64452E0BB6E7"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:lancom-systems:lcos_fx:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F1C91308-15E5-40AF-B4D5-3CAD7BC65DDF"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:lancom-systems:lcos_lx:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "418940E3-6DD1-4AA6-846A-03E059D0C681"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:lancom-systems:lcos_sx:4.20:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "411BA58A-33B6-44CA-B9D6-7F9042D46961"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:lancom-systems:lcos_sx:5.20:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FA17A153-30E4-4731-8706-8F74FCA50993"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:lancom-systems:lanconfig:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FB736F57-9BE3-4457-A10E-FA88D0932154"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:vandyke:securecrt:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "9.4.3" ,
"matchCriteriaId" : "6EB8D02D-87F3-414D-A3EA-43F594DAAC1B"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "0.10.6" ,
"matchCriteriaId" : "AAB481DA-FBFE-4CC2-9AE7-22025FA07494"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:net-ssh:net-ssh:7.2.0:*:*:*:*:ruby:*:*" ,
"matchCriteriaId" : "3D6FD459-F8E8-4126-8097-D30B4639404A"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ssh2_project:ssh2:*:*:*:*:*:node.js:*:*" ,
"versionEndIncluding" : "1.11.0" ,
"matchCriteriaId" : "69510F52-C699-4E7D-87EF-7000682888F0"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:proftpd:proftpd:*:*:*:*:*:*:*:*" ,
"versionEndIncluding" : "1.3.8b" ,
"matchCriteriaId" : "9461430B-3709-45B6-8858-2101F5AE4481"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*" ,
"versionEndIncluding" : "12.4" ,
"matchCriteriaId" : "B9A01DF3-E20E-4F29-B5CF-DDF717D01E74"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:crates:thrussh:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "0.35.1" ,
"matchCriteriaId" : "D25EB73D-6145-4B7D-8F14-80FD0B458E99"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:tera_term_project:tera_term:*:*:*:*:*:*:*:*" ,
"versionEndIncluding" : "5.1" ,
"matchCriteriaId" : "77594DEC-B5F7-4911-A13D-FFE91C74BAFA"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:oryx-embedded:cyclone_ssh:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "2.3.4" ,
"matchCriteriaId" : "F8FF7E74-2351-4CD9-B717-FA28893293A1"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*" ,
"versionEndIncluding" : "10.6.0" ,
"matchCriteriaId" : "82A93C12-FEB6-4E82-B283-0ED7820D807E"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:netsarang:xshell_7:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "build__0144" ,
"matchCriteriaId" : "B480AE79-2FA1-4281-9F0D-0DE812B9354D"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:paramiko:paramiko:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "3.4.0" ,
"matchCriteriaId" : "826B6323-06F8-4B96-8771-3FA15A727B08"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "932D137F-528B-4526-9A89-CD59FA1AB0FE"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "DCC81071-B46D-4F5D-AC25-B4A4CCC20C73"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "4B3000D2-35DF-4A93-9FC0-1AD3AB8349B8"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E315FC5C-FF19-43C9-A58A-CF2A5FF13824"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:ceph_storage:6.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FA7EAD12-E398-44AF-9859-F3CA6C63BA6B"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F4CFF558-3C47-480D-A2F0-BABF26042943"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:openshift_serverless:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "77675CB7-67D7-44E9-B7FF-D224B3341AA5"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:openshift_gitops:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "C0AAA300-691A-4957-8B69-F6888CC971B1"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:openshift_pipelines:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "45937289-2D64-47CB-A750-5B4F0D4664A0"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "97321212-0E07-4CC2-A917-7B5F61AB9A5A"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:openshift_data_foundation:4.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "0E2C021C-A9F0-4EB4-ADED-81D8B57B4563"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:openshift_api_for_data_protection:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7BF8EFFB-5686-4F28-A68F-1A8854E098CE"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:openshift_virtualization:4:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "9C877879-B84B-471C-80CF-0656521CA8AB"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:storage:3.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "379A5883-F6DF-41F5-9403-8D17F6605737"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:discovery:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B5B1D946-5978-4818-BF21-A43D9C1365E1"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:openshift_dev_spaces:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "99B8A88B-0B31-4CFF-AFD7-C9D3DDD5790D"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:cert-manager_operator_for_red_hat_openshift:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "6D5A7736-A403-4617-8790-18E46CB74DA6"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "6E0DE4E1-5D8D-40F3-8AC8-C7F736966158"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "88BF3B2C-B121-483A-AEF2-8082F6DA5310"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:advanced_cluster_security:3.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F0FD736A-8730-446A-BA3A-7B608DB62B0E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:advanced_cluster_security:4.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F4C504B6-3902-46E2-82B7-48AEC9CDD48D"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:golang:crypto:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "0.17.0" ,
"matchCriteriaId" : "F92E56DF-98DF-4328-B37E-4D5744E4103D"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:russh_project:russh:*:*:*:*:*:rust:*:*" ,
"versionEndExcluding" : "0.40.2" ,
"matchCriteriaId" : "AC12508E-3C31-44EA-B4F3-29316BE9B189"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sftpgo_project:sftpgo:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "2.5.6" ,
"matchCriteriaId" : "1750028C-698D-4E84-B727-8A155A46ADEB"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "26.2.1" ,
"matchCriteriaId" : "3A9A8E99-7F4A-4B74-B86B-8B3E8B2A8776"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:matez:jsch:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "0.2.15" ,
"matchCriteriaId" : "61119DB3-4336-4D3B-863A-0CCF4146E5C1"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "1.11.10" ,
"matchCriteriaId" : "F9DCCF91-FA48-406D-B620-D3C8F066FACB"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:asyncssh_project:asyncssh:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "2.14.2" ,
"matchCriteriaId" : "FAE46983-0ABC-49F7-AC18-A78FAC7E73AA"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "2022.83" ,
"matchCriteriaId" : "06BF3368-F232-4E6B-883E-A591EED5C827"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:jadaptive:maverick_synergy_java_ssh_api:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "3.1.0-snapshot" ,
"matchCriteriaId" : "36531FB6-5682-4BF1-9785-E9D6D1C4207B"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ssh:ssh:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "5.11" ,
"matchCriteriaId" : "514ED687-0D7B-479B-82C5-7EB1A5EEC94C"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:thorntech:sftp_gateway_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "3.4.6" ,
"matchCriteriaId" : "83B1AF39-C0B9-4031-B19A-BDDD4F337273"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:netgate:pfsense_plus:*:*:*:*:*:*:*:*" ,
"versionEndIncluding" : "23.09.1" ,
"matchCriteriaId" : "2B71B0EF-888E-45E2-A055-F59CDCC1AFC7"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:netgate:pfsense_ce:*:*:*:*:*:*:*:*" ,
"versionEndIncluding" : "2.7.2" ,
"matchCriteriaId" : "8F23CDF7-2881-4B4E-B84F-4E04F4ED8CCF"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "10.6.0" ,
"matchCriteriaId" : "C1795F7A-203F-400E-B09C-0FAF16D01CFC"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:connectbot:sshlib:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "2.2.22" ,
"matchCriteriaId" : "0D79DDDD-02F0-4C12-BE7F-1B9DF1722C7A"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:apache:sshd:*:*:*:*:*:*:*:*" ,
"versionEndIncluding" : "2.11.0" ,
"matchCriteriaId" : "E2D7B0CA-C01F-4296-9425-48299E3889C5"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:apache:sshj:*:*:*:*:*:*:*:*" ,
"versionEndIncluding" : "0.37.0" ,
"matchCriteriaId" : "1C3EB0B8-9E76-4146-AB02-02E20B91D55C"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:tinyssh:tinyssh:*:*:*:*:*:*:*:*" ,
"versionEndIncluding" : "20230101" ,
"matchCriteriaId" : "0582468A-149B-429F-978A-2AEDF4BE2606"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:trilead:ssh2:6401:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7E4BAF06-5A79-46D7-8C4F-E670BD6B7C2D"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:kitty_project:kitty:*:*:*:*:*:*:*:*" ,
"versionEndIncluding" : "0.76.1.13" ,
"matchCriteriaId" : "4C19DD32-7922-4DBD-BC4A-AFB5E6B7A5C2"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:gentoo:security:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "76BDAFDE-4515-42E6-820F-38AF4A786CF2"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "5920923E-0D52-44E5-801D-10B82846ED58"
}
]
}
]
}
] ,
2023-12-18 17:00:28 +00:00
"references" : [
2023-12-21 15:00:28 +00:00
{
"url" : "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Third Party Advisory" ,
"VDB Entry"
]
2023-12-21 15:00:28 +00:00
} ,
2024-03-13 23:03:26 +00:00
{
"url" : "http://seclists.org/fulldisclosure/2024/Mar/21" ,
"source" : "cve@mitre.org"
} ,
2023-12-18 19:00:28 +00:00
{
"url" : "http://www.openwall.com/lists/oss-security/2023/12/18/3" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Mailing List"
]
2023-12-18 19:00:28 +00:00
} ,
2023-12-20 03:00:29 +00:00
{
"url" : "http://www.openwall.com/lists/oss-security/2023/12/19/5" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Mailing List"
]
2023-12-20 03:00:29 +00:00
} ,
2023-12-20 13:00:28 +00:00
{
"url" : "http://www.openwall.com/lists/oss-security/2023/12/20/3" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Mailing List" ,
"Mitigation"
]
2023-12-20 13:00:28 +00:00
} ,
2023-12-18 23:00:28 +00:00
{
"url" : "https://access.redhat.com/security/cve/cve-2023-48795" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Third Party Advisory"
]
2023-12-18 23:00:28 +00:00
} ,
2023-12-20 09:00:28 +00:00
{
"url" : "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Press/Media Coverage"
]
2023-12-20 09:00:28 +00:00
} ,
2023-12-18 23:00:28 +00:00
{
"url" : "https://bugs.gentoo.org/920280" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Issue Tracking"
]
2023-12-18 23:00:28 +00:00
} ,
{
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Issue Tracking"
]
2023-12-18 23:00:28 +00:00
} ,
{
"url" : "https://bugzilla.suse.com/show_bug.cgi?id=1217950" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Issue Tracking"
]
2023-12-18 23:00:28 +00:00
} ,
2023-12-19 21:00:28 +00:00
{
"url" : "https://crates.io/crates/thrussh/versions" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Release Notes"
]
2023-12-19 21:00:28 +00:00
} ,
2023-12-22 17:00:28 +00:00
{
"url" : "https://filezilla-project.org/versions.php" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Release Notes"
]
2023-12-22 17:00:28 +00:00
} ,
2023-12-19 07:00:27 +00:00
{
"url" : "https://forum.netgate.com/topic/184941/terrapin-ssh-attack" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Issue Tracking"
]
2023-12-19 07:00:27 +00:00
} ,
2023-12-18 21:00:28 +00:00
{
"url" : "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Patch"
]
2023-12-18 21:00:28 +00:00
} ,
2023-12-19 21:00:28 +00:00
{
"url" : "https://github.com/NixOS/nixpkgs/pull/275249" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Release Notes"
]
2023-12-19 21:00:28 +00:00
} ,
2023-12-22 17:00:28 +00:00
{
"url" : "https://github.com/PowerShell/Win32-OpenSSH/issues/2189" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Issue Tracking"
]
2023-12-22 17:00:28 +00:00
} ,
{
"url" : "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Release Notes"
]
2023-12-22 17:00:28 +00:00
} ,
2023-12-18 19:00:28 +00:00
{
"url" : "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Patch"
]
2023-12-18 19:00:28 +00:00
} ,
2023-12-19 21:00:28 +00:00
{
"url" : "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Release Notes"
]
2023-12-19 21:00:28 +00:00
} ,
2023-12-18 23:00:28 +00:00
{
"url" : "https://github.com/advisories/GHSA-45x7-px36-x8w8" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Third Party Advisory"
]
2023-12-18 23:00:28 +00:00
} ,
2023-12-20 23:00:29 +00:00
{
"url" : "https://github.com/apache/mina-sshd/issues/445" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Issue Tracking"
]
2023-12-20 23:00:29 +00:00
} ,
2023-12-19 21:00:28 +00:00
{
"url" : "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Patch"
]
2023-12-19 21:00:28 +00:00
} ,
{
"url" : "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Third Party Advisory"
]
2023-12-19 21:00:28 +00:00
} ,
2023-12-22 17:00:28 +00:00
{
"url" : "https://github.com/cyd01/KiTTY/issues/520" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Issue Tracking"
]
2023-12-22 17:00:28 +00:00
} ,
2023-12-18 23:00:28 +00:00
{
"url" : "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Release Notes"
]
2023-12-18 23:00:28 +00:00
} ,
2023-12-18 17:00:28 +00:00
{
"url" : "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Patch"
]
2023-12-18 17:00:28 +00:00
} ,
2023-12-18 23:00:28 +00:00
{
"url" : "https://github.com/erlang/otp/releases/tag/OTP-26.2.1" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Release Notes"
]
2023-12-18 23:00:28 +00:00
} ,
2023-12-18 19:00:28 +00:00
{
"url" : "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Patch"
]
2023-12-18 19:00:28 +00:00
} ,
2023-12-20 23:00:29 +00:00
{
"url" : "https://github.com/hierynomus/sshj/issues/916" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Issue Tracking"
]
2023-12-20 23:00:29 +00:00
} ,
{
"url" : "https://github.com/janmojzis/tinyssh/issues/81" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Issue Tracking"
]
2023-12-20 23:00:29 +00:00
} ,
2023-12-19 07:00:27 +00:00
{
"url" : "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Patch"
]
2023-12-19 07:00:27 +00:00
} ,
2023-12-19 00:55:28 +00:00
{
"url" : "https://github.com/libssh2/libssh2/pull/1291" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Mitigation"
]
2023-12-19 00:55:28 +00:00
} ,
2023-12-18 17:00:28 +00:00
{
"url" : "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Patch"
]
2023-12-18 17:00:28 +00:00
} ,
2023-12-19 21:00:28 +00:00
{
"url" : "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Patch"
]
2023-12-19 21:00:28 +00:00
} ,
{
"url" : "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Product"
]
2023-12-19 21:00:28 +00:00
} ,
2023-12-18 21:00:28 +00:00
{
"url" : "https://github.com/mwiede/jsch/issues/457" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Issue Tracking"
]
2023-12-18 21:00:28 +00:00
} ,
2023-12-18 23:00:28 +00:00
{
"url" : "https://github.com/mwiede/jsch/pull/461" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Release Notes"
]
2023-12-18 23:00:28 +00:00
} ,
2023-12-21 00:55:28 +00:00
{
"url" : "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Patch"
]
2023-12-21 00:55:28 +00:00
} ,
2023-12-18 17:00:28 +00:00
{
"url" : "https://github.com/openssh/openssh-portable/commits/master" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Patch"
]
2023-12-18 17:00:28 +00:00
} ,
2023-12-18 19:00:28 +00:00
{
"url" : "https://github.com/paramiko/paramiko/issues/2337" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Issue Tracking"
]
2023-12-18 19:00:28 +00:00
} ,
2023-12-20 23:00:29 +00:00
{
"url" : "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Release Notes"
]
2023-12-20 23:00:29 +00:00
} ,
{
"url" : "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Release Notes"
]
2023-12-20 23:00:29 +00:00
} ,
2023-12-19 21:00:28 +00:00
{
"url" : "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Release Notes"
]
2023-12-19 21:00:28 +00:00
} ,
{
"url" : "https://github.com/proftpd/proftpd/issues/456" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Issue Tracking"
]
2023-12-19 21:00:28 +00:00
} ,
2023-12-19 07:00:27 +00:00
{
"url" : "https://github.com/rapier1/hpn-ssh/releases" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Release Notes"
]
2023-12-19 07:00:27 +00:00
} ,
2023-12-18 19:00:28 +00:00
{
"url" : "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Release Notes"
]
2023-12-18 19:00:28 +00:00
} ,
2023-12-18 17:00:28 +00:00
{
"url" : "https://github.com/ronf/asyncssh/tags" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Release Notes"
]
2023-12-18 17:00:28 +00:00
} ,
2023-12-24 23:00:28 +00:00
{
"url" : "https://github.com/ssh-mitm/ssh-mitm/issues/165" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Issue Tracking"
]
2023-12-24 23:00:28 +00:00
} ,
2023-12-18 19:00:28 +00:00
{
"url" : "https://github.com/warp-tech/russh/releases/tag/v0.40.2" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Release Notes"
]
2023-12-18 19:00:28 +00:00
} ,
2023-12-18 17:00:28 +00:00
{
"url" : "https://gitlab.com/libssh/libssh-mirror/-/tags" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Release Notes"
]
2023-12-18 17:00:28 +00:00
} ,
{
"url" : "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Mailing List"
]
2023-12-18 17:00:28 +00:00
} ,
2023-12-18 19:00:28 +00:00
{
"url" : "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Mailing List"
]
2023-12-18 19:00:28 +00:00
} ,
2023-12-22 17:00:28 +00:00
{
"url" : "https://help.panic.com/releasenotes/transmit5/" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Release Notes"
]
2023-12-22 17:00:28 +00:00
} ,
2023-12-18 17:00:28 +00:00
{
"url" : "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Press/Media Coverage"
]
2023-12-18 17:00:28 +00:00
} ,
2023-12-26 05:00:28 +00:00
{
"url" : "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Mailing List"
]
2023-12-26 05:00:28 +00:00
} ,
2024-01-25 05:00:28 +00:00
{
"url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html" ,
"source" : "cve@mitre.org"
} ,
2024-04-25 23:58:20 +00:00
{
"url" : "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html" ,
"source" : "cve@mitre.org"
} ,
2024-01-11 05:00:28 +00:00
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/" ,
"source" : "cve@mitre.org"
} ,
2024-01-09 05:00:28 +00:00
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/" ,
"source" : "cve@mitre.org"
} ,
2024-01-29 11:00:28 +00:00
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/" ,
"source" : "cve@mitre.org"
} ,
2023-12-29 05:00:29 +00:00
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/" ,
"source" : "cve@mitre.org"
} ,
2024-01-19 05:00:28 +00:00
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/" ,
"source" : "cve@mitre.org"
} ,
2023-12-30 05:00:28 +00:00
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/" ,
"source" : "cve@mitre.org"
} ,
2024-01-11 05:00:28 +00:00
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/" ,
"source" : "cve@mitre.org"
} ,
2024-01-18 05:00:28 +00:00
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/" ,
"source" : "cve@mitre.org"
} ,
2023-12-29 05:00:29 +00:00
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/" ,
"source" : "cve@mitre.org"
} ,
2024-01-18 05:00:28 +00:00
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/" ,
"source" : "cve@mitre.org"
} ,
2023-12-30 05:00:28 +00:00
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/" ,
"source" : "cve@mitre.org"
} ,
2024-01-29 09:00:28 +00:00
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/" ,
"source" : "cve@mitre.org"
} ,
2024-01-10 05:00:28 +00:00
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/" ,
"source" : "cve@mitre.org"
} ,
2023-12-22 05:00:28 +00:00
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Vendor Advisory"
]
2023-12-22 05:00:28 +00:00
} ,
2023-12-30 05:00:28 +00:00
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/" ,
"source" : "cve@mitre.org"
} ,
2023-12-18 17:00:28 +00:00
{
"url" : "https://matt.ucc.asn.au/dropbear/CHANGES" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Release Notes"
]
2023-12-18 17:00:28 +00:00
} ,
2023-12-19 21:00:28 +00:00
{
"url" : "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Patch"
]
2023-12-19 21:00:28 +00:00
} ,
2023-12-18 19:00:28 +00:00
{
"url" : "https://news.ycombinator.com/item?id=38684904" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Issue Tracking"
]
2023-12-18 19:00:28 +00:00
} ,
{
"url" : "https://news.ycombinator.com/item?id=38685286" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Issue Tracking"
]
2023-12-18 19:00:28 +00:00
} ,
2023-12-24 23:00:28 +00:00
{
"url" : "https://news.ycombinator.com/item?id=38732005" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Issue Tracking"
]
2023-12-24 23:00:28 +00:00
} ,
2023-12-22 17:00:28 +00:00
{
"url" : "https://nova.app/releases/#v11.8" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Release Notes"
]
2023-12-22 17:00:28 +00:00
} ,
2023-12-19 21:00:28 +00:00
{
"url" : "https://oryx-embedded.com/download/#changelog" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Release Notes"
]
2023-12-19 21:00:28 +00:00
} ,
2024-01-15 09:00:29 +00:00
{
"url" : "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002" ,
"source" : "cve@mitre.org"
} ,
2023-12-22 17:00:28 +00:00
{
"url" : "https://roumenpetrov.info/secsh/#news20231220" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Release Notes"
]
2023-12-22 17:00:28 +00:00
} ,
2023-12-18 23:00:28 +00:00
{
"url" : "https://security-tracker.debian.org/tracker/CVE-2023-48795" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Vendor Advisory"
]
2023-12-18 23:00:28 +00:00
} ,
{
"url" : "https://security-tracker.debian.org/tracker/source-package/libssh2" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Vendor Advisory"
]
2023-12-18 23:00:28 +00:00
} ,
{
"url" : "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Vendor Advisory"
]
2023-12-18 23:00:28 +00:00
} ,
2023-12-21 00:55:28 +00:00
{
"url" : "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Issue Tracking"
]
2023-12-21 00:55:28 +00:00
} ,
2023-12-28 05:00:28 +00:00
{
"url" : "https://security.gentoo.org/glsa/202312-16" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Third Party Advisory"
]
2023-12-28 05:00:28 +00:00
} ,
{
"url" : "https://security.gentoo.org/glsa/202312-17" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Third Party Advisory"
]
2023-12-28 05:00:28 +00:00
} ,
2024-01-05 19:00:28 +00:00
{
"url" : "https://security.netapp.com/advisory/ntap-20240105-0004/" ,
"source" : "cve@mitre.org"
} ,
2024-03-07 23:03:19 +00:00
{
"url" : "https://support.apple.com/kb/HT214084" ,
"source" : "cve@mitre.org"
} ,
2023-12-18 19:00:28 +00:00
{
"url" : "https://thorntech.com/cve-2023-48795-and-sftp-gateway/" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Third Party Advisory"
]
2023-12-18 19:00:28 +00:00
} ,
{
"url" : "https://twitter.com/TrueSkrillor/status/1736774389725565005" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Press/Media Coverage"
]
2023-12-18 19:00:28 +00:00
} ,
2023-12-18 23:00:28 +00:00
{
"url" : "https://ubuntu.com/security/CVE-2023-48795" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Vendor Advisory"
]
2023-12-18 23:00:28 +00:00
} ,
2023-12-22 17:00:28 +00:00
{
"url" : "https://winscp.net/eng/docs/history#6.2.2" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Release Notes"
]
2023-12-22 17:00:28 +00:00
} ,
{
"url" : "https://www.bitvise.com/ssh-client-version-history#933" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Release Notes"
]
2023-12-22 17:00:28 +00:00
} ,
2023-12-18 17:00:28 +00:00
{
"url" : "https://www.bitvise.com/ssh-server-version-history" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Release Notes"
]
2023-12-18 17:00:28 +00:00
} ,
{
"url" : "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Release Notes"
]
2023-12-18 17:00:28 +00:00
} ,
2023-12-19 21:00:28 +00:00
{
"url" : "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Release Notes"
]
2023-12-19 21:00:28 +00:00
} ,
2023-12-22 15:00:28 +00:00
{
"url" : "https://www.debian.org/security/2023/dsa-5586" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Issue Tracking"
]
2023-12-22 15:00:28 +00:00
} ,
2023-12-24 19:00:28 +00:00
{
"url" : "https://www.debian.org/security/2023/dsa-5588" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Issue Tracking"
]
2023-12-24 19:00:28 +00:00
} ,
2023-12-20 03:00:29 +00:00
{
"url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Release Notes"
]
2023-12-20 03:00:29 +00:00
} ,
2023-12-22 17:00:28 +00:00
{
"url" : "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Vendor Advisory"
]
2023-12-22 17:00:28 +00:00
} ,
2023-12-19 21:00:28 +00:00
{
"url" : "https://www.netsarang.com/en/xshell-update-history/" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Release Notes"
]
2023-12-19 21:00:28 +00:00
} ,
2023-12-18 17:00:28 +00:00
{
"url" : "https://www.openssh.com/openbsd.html" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Release Notes"
]
2023-12-18 17:00:28 +00:00
} ,
{
"url" : "https://www.openssh.com/txt/release-9.6" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Release Notes"
]
2023-12-18 17:00:28 +00:00
} ,
2023-12-18 19:00:28 +00:00
{
"url" : "https://www.openwall.com/lists/oss-security/2023/12/18/2" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Mailing List"
]
2023-12-18 19:00:28 +00:00
} ,
2023-12-21 00:55:28 +00:00
{
"url" : "https://www.openwall.com/lists/oss-security/2023/12/20/3" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Mailing List" ,
"Mitigation"
]
2023-12-21 00:55:28 +00:00
} ,
2023-12-19 21:00:28 +00:00
{
"url" : "https://www.paramiko.org/changelog.html" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Release Notes"
]
2023-12-19 21:00:28 +00:00
} ,
2023-12-18 17:00:28 +00:00
{
"url" : "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Issue Tracking"
]
2023-12-18 17:00:28 +00:00
} ,
2023-12-18 23:00:28 +00:00
{
"url" : "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Press/Media Coverage"
]
2023-12-18 23:00:28 +00:00
} ,
2023-12-18 17:00:28 +00:00
{
"url" : "https://www.terrapin-attack.com" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Exploit"
]
2023-12-22 17:00:28 +00:00
} ,
{
"url" : "https://www.theregister.com/2023/12/20/terrapin_attack_ssh" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Press/Media Coverage"
]
2023-12-22 17:00:28 +00:00
} ,
{
"url" : "https://www.vandyke.com/products/securecrt/history.txt" ,
2023-12-28 19:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Release Notes"
]
2023-12-18 17:00:28 +00:00
}
]
}
