{ "id": "CVE-2023-48795", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-18T16:15:10.897", "lastModified": "2024-04-25T22:15:08.130", "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust." }, { "lang": "es", "value": "El protocolo de transporte SSH con ciertas extensiones OpenSSH, que se encuentra en OpenSSH anterior a 9.6 y otros productos, permite a atacantes remotos eludir las comprobaciones de integridad de modo que algunos paquetes se omiten (del mensaje de negociaci\u00f3n de extensi\u00f3n) y, en consecuencia, un cliente y un servidor pueden terminar con una conexi\u00f3n para la cual algunas caracter\u00edsticas de seguridad han sido degradadas o deshabilitadas, tambi\u00e9n conocido como un ataque Terrapin. Esto ocurre porque SSH Binary Packet Protocol (BPP), implementado por estas extensiones, maneja mal la fase de protocolo de enlace y el uso de n\u00fameros de secuencia. Por ejemplo, existe un ataque eficaz contra ChaCha20-Poly1305 (y CBC con Encrypt-then-MAC). La omisi\u00f3n se produce en chacha20-poly1305@openssh.com y (si se utiliza CBC) en los algoritmos MAC -etm@openssh.com. Esto tambi\u00e9n afecta a Maverick Synergy Java SSH API anterior a 3.1.0-SNAPSHOT, Dropbear hasta 2022.83, Ssh anterior a 5.1.1 en Erlang/OTP, PuTTY anterior a 0.80 y AsyncSSH anterior a 2.14.2; y podr\u00eda haber efectos en Bitvise SSH hasta la versi\u00f3n 9.31, libssh hasta la 0.10.5 y golang.org/x/crypto hasta el 17 de diciembre de 2023." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.2, "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-354" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", "versionEndExcluding": "9.6", "matchCriteriaId": "5308FBBB-F738-41C5-97A4-E40118E957CD" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:putty:putty:*:*:*:*:*:*:*:*", "versionEndExcluding": "0.80", "matchCriteriaId": "A9D807DB-9E20-4792-8A9F-4BFFC841BAB7" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:filezilla-project:filezilla_client:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.66.4", "matchCriteriaId": "42915485-A4DA-48DD-9C15-415D2D39DC52" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*", "versionEndIncluding": "11.1.0", "matchCriteriaId": "9F37C9AC-185F-403A-A79B-2D5C8E11AFC4" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:panic:transmit_5:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.10.4", "matchCriteriaId": "31FFE0AA-FC25-40DE-8EE9-7F4C80ABDE4F" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:panic:nova:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.8", "matchCriteriaId": "F2FCF7EF-97D7-44CF-AC74-72D856901755" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:roumenpetrov:pkixssh:*:*:*:*:*:*:*:*", "versionEndExcluding": "14.4", "matchCriteriaId": "53CAD263-1C60-43BD-86A2-C8DB15FFB4C6" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.2.2", "matchCriteriaId": "8FA57F20-C9C1-40A7-B2CD-F3440CCF1D66" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:bitvise:ssh_client:*:*:*:*:*:*:*:*", "versionEndExcluding": "9.33", "matchCriteriaId": "6209E375-10C7-4E65-A2E7-455A686717AC" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:bitvise:ssh_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "9.32", "matchCriteriaId": "1A05CC3C-19C5-4BAA-ABA2-EE1795E0BE81" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:lancom-systems:lcos:*:*:*:*:*:*:*:*", "versionEndIncluding": "3.66.4", "matchCriteriaId": "3A71B523-0778-46C6-A38B-64452E0BB6E7" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:lancom-systems:lcos_fx:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1C91308-15E5-40AF-B4D5-3CAD7BC65DDF" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:lancom-systems:lcos_lx:-:*:*:*:*:*:*:*", "matchCriteriaId": "418940E3-6DD1-4AA6-846A-03E059D0C681" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:lancom-systems:lcos_sx:4.20:*:*:*:*:*:*:*", "matchCriteriaId": "411BA58A-33B6-44CA-B9D6-7F9042D46961" }, { "vulnerable": true, "criteria": "cpe:2.3:o:lancom-systems:lcos_sx:5.20:*:*:*:*:*:*:*", "matchCriteriaId": "FA17A153-30E4-4731-8706-8F74FCA50993" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:lancom-systems:lanconfig:-:*:*:*:*:*:*:*", "matchCriteriaId": "FB736F57-9BE3-4457-A10E-FA88D0932154" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:vandyke:securecrt:*:*:*:*:*:*:*:*", "versionEndExcluding": "9.4.3", "matchCriteriaId": "6EB8D02D-87F3-414D-A3EA-43F594DAAC1B" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*", "versionEndExcluding": "0.10.6", "matchCriteriaId": "AAB481DA-FBFE-4CC2-9AE7-22025FA07494" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:net-ssh:net-ssh:7.2.0:*:*:*:*:ruby:*:*", "matchCriteriaId": "3D6FD459-F8E8-4126-8097-D30B4639404A" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:ssh2_project:ssh2:*:*:*:*:*:node.js:*:*", "versionEndIncluding": "1.11.0", "matchCriteriaId": "69510F52-C699-4E7D-87EF-7000682888F0" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:proftpd:proftpd:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.3.8b", "matchCriteriaId": "9461430B-3709-45B6-8858-2101F5AE4481" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "versionEndIncluding": "12.4", "matchCriteriaId": "B9A01DF3-E20E-4F29-B5CF-DDF717D01E74" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:crates:thrussh:*:*:*:*:*:*:*:*", "versionEndExcluding": "0.35.1", "matchCriteriaId": "D25EB73D-6145-4B7D-8F14-80FD0B458E99" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:tera_term_project:tera_term:*:*:*:*:*:*:*:*", "versionEndIncluding": "5.1", "matchCriteriaId": "77594DEC-B5F7-4911-A13D-FFE91C74BAFA" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:oryx-embedded:cyclone_ssh:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.3.4", "matchCriteriaId": "F8FF7E74-2351-4CD9-B717-FA28893293A1" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*", "versionEndIncluding": "10.6.0", "matchCriteriaId": "82A93C12-FEB6-4E82-B283-0ED7820D807E" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:netsarang:xshell_7:*:*:*:*:*:*:*:*", "versionEndExcluding": "build__0144", "matchCriteriaId": "B480AE79-2FA1-4281-9F0D-0DE812B9354D" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:paramiko:paramiko:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.4.0", "matchCriteriaId": "826B6323-06F8-4B96-8771-3FA15A727B08" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*", "matchCriteriaId": "DCC81071-B46D-4F5D-AC25-B4A4CCC20C73" }, { "vulnerable": true, "criteria": "cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*", "matchCriteriaId": "4B3000D2-35DF-4A93-9FC0-1AD3AB8349B8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:*", "matchCriteriaId": "E315FC5C-FF19-43C9-A58A-CF2A5FF13824" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:redhat:ceph_storage:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA7EAD12-E398-44AF-9859-F3CA6C63BA6B" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" }, { "vulnerable": true, "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:redhat:openshift_serverless:-:*:*:*:*:*:*:*", "matchCriteriaId": "77675CB7-67D7-44E9-B7FF-D224B3341AA5" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:redhat:openshift_gitops:-:*:*:*:*:*:*:*", "matchCriteriaId": "C0AAA300-691A-4957-8B69-F6888CC971B1" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:redhat:openshift_pipelines:-:*:*:*:*:*:*:*", "matchCriteriaId": "45937289-2D64-47CB-A750-5B4F0D4664A0" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*", "matchCriteriaId": "97321212-0E07-4CC2-A917-7B5F61AB9A5A" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:redhat:openshift_data_foundation:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0E2C021C-A9F0-4EB4-ADED-81D8B57B4563" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:redhat:openshift_api_for_data_protection:-:*:*:*:*:*:*:*", "matchCriteriaId": "7BF8EFFB-5686-4F28-A68F-1A8854E098CE" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:redhat:openshift_virtualization:4:*:*:*:*:*:*:*", "matchCriteriaId": "9C877879-B84B-471C-80CF-0656521CA8AB" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:redhat:storage:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "379A5883-F6DF-41F5-9403-8D17F6605737" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:redhat:discovery:-:*:*:*:*:*:*:*", "matchCriteriaId": "B5B1D946-5978-4818-BF21-A43D9C1365E1" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:redhat:openshift_dev_spaces:-:*:*:*:*:*:*:*", "matchCriteriaId": "99B8A88B-0B31-4CFF-AFD7-C9D3DDD5790D" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:redhat:cert-manager_operator_for_red_hat_openshift:-:*:*:*:*:*:*:*", "matchCriteriaId": "6D5A7736-A403-4617-8790-18E46CB74DA6" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*", "matchCriteriaId": "6E0DE4E1-5D8D-40F3-8AC8-C7F736966158" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "88BF3B2C-B121-483A-AEF2-8082F6DA5310" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:redhat:advanced_cluster_security:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F0FD736A-8730-446A-BA3A-7B608DB62B0E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:redhat:advanced_cluster_security:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4C504B6-3902-46E2-82B7-48AEC9CDD48D" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:golang:crypto:*:*:*:*:*:*:*:*", "versionEndExcluding": "0.17.0", "matchCriteriaId": "F92E56DF-98DF-4328-B37E-4D5744E4103D" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:russh_project:russh:*:*:*:*:*:rust:*:*", "versionEndExcluding": "0.40.2", "matchCriteriaId": "AC12508E-3C31-44EA-B4F3-29316BE9B189" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:sftpgo_project:sftpgo:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.5.6", "matchCriteriaId": "1750028C-698D-4E84-B727-8A155A46ADEB" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.2.1", "matchCriteriaId": "3A9A8E99-7F4A-4B74-B86B-8B3E8B2A8776" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:matez:jsch:*:*:*:*:*:*:*:*", "versionEndExcluding": "0.2.15", "matchCriteriaId": "61119DB3-4336-4D3B-863A-0CCF4146E5C1" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.11.10", "matchCriteriaId": "F9DCCF91-FA48-406D-B620-D3C8F066FACB" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:asyncssh_project:asyncssh:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.14.2", "matchCriteriaId": "FAE46983-0ABC-49F7-AC18-A78FAC7E73AA" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:*:*:*:*:*:*:*:*", "versionEndExcluding": "2022.83", "matchCriteriaId": "06BF3368-F232-4E6B-883E-A591EED5C827" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:jadaptive:maverick_synergy_java_ssh_api:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.1.0-snapshot", "matchCriteriaId": "36531FB6-5682-4BF1-9785-E9D6D1C4207B" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:ssh:ssh:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.11", "matchCriteriaId": "514ED687-0D7B-479B-82C5-7EB1A5EEC94C" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:thorntech:sftp_gateway_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.4.6", "matchCriteriaId": "83B1AF39-C0B9-4031-B19A-BDDD4F337273" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:netgate:pfsense_plus:*:*:*:*:*:*:*:*", "versionEndIncluding": "23.09.1", "matchCriteriaId": "2B71B0EF-888E-45E2-A055-F59CDCC1AFC7" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:netgate:pfsense_ce:*:*:*:*:*:*:*:*", "versionEndIncluding": "2.7.2", "matchCriteriaId": "8F23CDF7-2881-4B4E-B84F-4E04F4ED8CCF" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.6.0", "matchCriteriaId": "C1795F7A-203F-400E-B09C-0FAF16D01CFC" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:connectbot:sshlib:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.2.22", "matchCriteriaId": "0D79DDDD-02F0-4C12-BE7F-1B9DF1722C7A" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:apache:sshd:*:*:*:*:*:*:*:*", "versionEndIncluding": "2.11.0", "matchCriteriaId": "E2D7B0CA-C01F-4296-9425-48299E3889C5" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:apache:sshj:*:*:*:*:*:*:*:*", "versionEndIncluding": "0.37.0", "matchCriteriaId": "1C3EB0B8-9E76-4146-AB02-02E20B91D55C" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:tinyssh:tinyssh:*:*:*:*:*:*:*:*", "versionEndIncluding": "20230101", "matchCriteriaId": "0582468A-149B-429F-978A-2AEDF4BE2606" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:trilead:ssh2:6401:*:*:*:*:*:*:*", "matchCriteriaId": "7E4BAF06-5A79-46D7-8C4F-E670BD6B7C2D" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:kitty_project:kitty:*:*:*:*:*:*:*:*", "versionEndIncluding": "0.76.1.13", "matchCriteriaId": "4C19DD32-7922-4DBD-BC4A-AFB5E6B7A5C2" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:gentoo:security:-:*:*:*:*:*:*:*", "matchCriteriaId": "76BDAFDE-4515-42E6-820F-38AF4A786CF2" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:*", "matchCriteriaId": "5920923E-0D52-44E5-801D-10B82846ED58" } ] } ] } ], "references": [ { "url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html", "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "http://seclists.org/fulldisclosure/2024/Mar/21", "source": "cve@mitre.org" }, { "url": "http://www.openwall.com/lists/oss-security/2023/12/18/3", "source": "cve@mitre.org", "tags": [ "Mailing List" ] }, { "url": "http://www.openwall.com/lists/oss-security/2023/12/19/5", "source": "cve@mitre.org", "tags": [ "Mailing List" ] }, { "url": "http://www.openwall.com/lists/oss-security/2023/12/20/3", "source": "cve@mitre.org", "tags": [ "Mailing List", "Mitigation" ] }, { "url": "https://access.redhat.com/security/cve/cve-2023-48795", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/", "source": "cve@mitre.org", "tags": [ "Press/Media Coverage" ] }, { "url": "https://bugs.gentoo.org/920280", "source": "cve@mitre.org", "tags": [ "Issue Tracking" ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", "source": "cve@mitre.org", "tags": [ "Issue Tracking" ] }, { "url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950", "source": "cve@mitre.org", "tags": [ "Issue Tracking" ] }, { "url": "https://crates.io/crates/thrussh/versions", "source": "cve@mitre.org", "tags": [ "Release Notes" ] }, { "url": "https://filezilla-project.org/versions.php", "source": "cve@mitre.org", "tags": [ "Release Notes" ] }, { "url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack", "source": "cve@mitre.org", "tags": [ "Issue Tracking" ] }, { "url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6", "source": "cve@mitre.org", "tags": [ "Patch" ] }, { "url": "https://github.com/NixOS/nixpkgs/pull/275249", "source": "cve@mitre.org", "tags": [ "Release Notes" ] }, { "url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189", "source": "cve@mitre.org", "tags": [ "Issue Tracking" ] }, { "url": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta", "source": "cve@mitre.org", "tags": [ "Release Notes" ] }, { "url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0", "source": "cve@mitre.org", "tags": [ "Patch" ] }, { "url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1", "source": "cve@mitre.org", "tags": [ "Release Notes" ] }, { "url": "https://github.com/advisories/GHSA-45x7-px36-x8w8", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://github.com/apache/mina-sshd/issues/445", "source": "cve@mitre.org", "tags": [ "Issue Tracking" ] }, { "url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab", "source": "cve@mitre.org", "tags": [ "Patch" ] }, { "url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://github.com/cyd01/KiTTY/issues/520", "source": "cve@mitre.org", "tags": [ "Issue Tracking" ] }, { "url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6", "source": "cve@mitre.org", "tags": [ "Release Notes" ] }, { "url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42", "source": "cve@mitre.org", "tags": [ "Patch" ] }, { "url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1", "source": "cve@mitre.org", "tags": [ "Release Notes" ] }, { "url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d", "source": "cve@mitre.org", "tags": [ "Patch" ] }, { "url": "https://github.com/hierynomus/sshj/issues/916", "source": "cve@mitre.org", "tags": [ "Issue Tracking" ] }, { "url": "https://github.com/janmojzis/tinyssh/issues/81", "source": "cve@mitre.org", "tags": [ "Issue Tracking" ] }, { "url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5", "source": "cve@mitre.org", "tags": [ "Patch" ] }, { "url": "https://github.com/libssh2/libssh2/pull/1291", "source": "cve@mitre.org", "tags": [ "Mitigation" ] }, { "url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25", "source": "cve@mitre.org", "tags": [ "Patch" ] }, { "url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3", "source": "cve@mitre.org", "tags": [ "Patch" ] }, { "url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15", "source": "cve@mitre.org", "tags": [ "Product" ] }, { "url": "https://github.com/mwiede/jsch/issues/457", "source": "cve@mitre.org", "tags": [ "Issue Tracking" ] }, { "url": "https://github.com/mwiede/jsch/pull/461", "source": "cve@mitre.org", "tags": [ "Release Notes" ] }, { "url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16", "source": "cve@mitre.org", "tags": [ "Patch" ] }, { "url": "https://github.com/openssh/openssh-portable/commits/master", "source": "cve@mitre.org", "tags": [ "Patch" ] }, { "url": "https://github.com/paramiko/paramiko/issues/2337", "source": "cve@mitre.org", "tags": [ "Issue Tracking" ] }, { "url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES", "source": "cve@mitre.org", "tags": [ "Release Notes" ] }, { "url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES", "source": "cve@mitre.org", "tags": [ "Release Notes" ] }, { "url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES", "source": "cve@mitre.org", "tags": [ "Release Notes" ] }, { "url": "https://github.com/proftpd/proftpd/issues/456", "source": "cve@mitre.org", "tags": [ "Issue Tracking" ] }, { "url": "https://github.com/rapier1/hpn-ssh/releases", "source": "cve@mitre.org", "tags": [ "Release Notes" ] }, { "url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst", "source": "cve@mitre.org", "tags": [ "Release Notes" ] }, { "url": "https://github.com/ronf/asyncssh/tags", "source": "cve@mitre.org", "tags": [ "Release Notes" ] }, { "url": "https://github.com/ssh-mitm/ssh-mitm/issues/165", "source": "cve@mitre.org", "tags": [ "Issue Tracking" ] }, { "url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2", "source": "cve@mitre.org", "tags": [ "Release Notes" ] }, { "url": "https://gitlab.com/libssh/libssh-mirror/-/tags", "source": "cve@mitre.org", "tags": [ "Release Notes" ] }, { "url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ", "source": "cve@mitre.org", "tags": [ "Mailing List" ] }, { "url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg", "source": "cve@mitre.org", "tags": [ "Mailing List" ] }, { "url": "https://help.panic.com/releasenotes/transmit5/", "source": "cve@mitre.org", "tags": [ "Release Notes" ] }, { "url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/", "source": "cve@mitre.org", "tags": [ "Press/Media Coverage" ] }, { "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html", "source": "cve@mitre.org", "tags": [ "Mailing List" ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html", "source": "cve@mitre.org" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html", "source": "cve@mitre.org" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html", "source": "cve@mitre.org" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/", "source": "cve@mitre.org" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/", "source": "cve@mitre.org" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/", "source": "cve@mitre.org" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/", "source": "cve@mitre.org" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/", "source": "cve@mitre.org" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/", "source": "cve@mitre.org" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/", "source": "cve@mitre.org" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/", "source": "cve@mitre.org" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", "source": "cve@mitre.org" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/", "source": "cve@mitre.org" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/", "source": "cve@mitre.org" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/", "source": "cve@mitre.org" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", "source": "cve@mitre.org" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/", "source": "cve@mitre.org" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/", "source": "cve@mitre.org" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/", "source": "cve@mitre.org" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/", "source": "cve@mitre.org" }, { "url": "https://matt.ucc.asn.au/dropbear/CHANGES", "source": "cve@mitre.org", "tags": [ "Release Notes" ] }, { "url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC", "source": "cve@mitre.org", "tags": [ "Patch" ] }, { "url": "https://news.ycombinator.com/item?id=38684904", "source": "cve@mitre.org", "tags": [ "Issue Tracking" ] }, { "url": "https://news.ycombinator.com/item?id=38685286", "source": "cve@mitre.org", "tags": [ "Issue Tracking" ] }, { "url": "https://news.ycombinator.com/item?id=38732005", "source": "cve@mitre.org", "tags": [ "Issue Tracking" ] }, { "url": "https://nova.app/releases/#v11.8", "source": "cve@mitre.org", "tags": [ "Release Notes" ] }, { "url": "https://oryx-embedded.com/download/#changelog", "source": "cve@mitre.org", "tags": [ "Release Notes" ] }, { "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002", "source": "cve@mitre.org" }, { "url": "https://roumenpetrov.info/secsh/#news20231220", "source": "cve@mitre.org", "tags": [ "Release Notes" ] }, { "url": "https://security-tracker.debian.org/tracker/CVE-2023-48795", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] }, { "url": "https://security-tracker.debian.org/tracker/source-package/libssh2", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] }, { "url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] }, { "url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2", "source": "cve@mitre.org", "tags": [ "Issue Tracking" ] }, { "url": "https://security.gentoo.org/glsa/202312-16", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://security.gentoo.org/glsa/202312-17", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://security.netapp.com/advisory/ntap-20240105-0004/", "source": "cve@mitre.org" }, { "url": "https://support.apple.com/kb/HT214084", "source": "cve@mitre.org" }, { "url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://twitter.com/TrueSkrillor/status/1736774389725565005", "source": "cve@mitre.org", "tags": [ "Press/Media Coverage" ] }, { "url": "https://ubuntu.com/security/CVE-2023-48795", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] }, { "url": "https://winscp.net/eng/docs/history#6.2.2", "source": "cve@mitre.org", "tags": [ "Release Notes" ] }, { "url": "https://www.bitvise.com/ssh-client-version-history#933", "source": "cve@mitre.org", "tags": [ "Release Notes" ] }, { "url": "https://www.bitvise.com/ssh-server-version-history", "source": "cve@mitre.org", "tags": [ "Release Notes" ] }, { "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html", "source": "cve@mitre.org", "tags": [ "Release Notes" ] }, { "url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update", "source": "cve@mitre.org", "tags": [ "Release Notes" ] }, { "url": "https://www.debian.org/security/2023/dsa-5586", "source": "cve@mitre.org", "tags": [ "Issue Tracking" ] }, { "url": "https://www.debian.org/security/2023/dsa-5588", "source": "cve@mitre.org", "tags": [ "Issue Tracking" ] }, { "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc", "source": "cve@mitre.org", "tags": [ "Release Notes" ] }, { "url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] }, { "url": "https://www.netsarang.com/en/xshell-update-history/", "source": "cve@mitre.org", "tags": [ "Release Notes" ] }, { "url": "https://www.openssh.com/openbsd.html", "source": "cve@mitre.org", "tags": [ "Release Notes" ] }, { "url": "https://www.openssh.com/txt/release-9.6", "source": "cve@mitre.org", "tags": [ "Release Notes" ] }, { "url": "https://www.openwall.com/lists/oss-security/2023/12/18/2", "source": "cve@mitre.org", "tags": [ "Mailing List" ] }, { "url": "https://www.openwall.com/lists/oss-security/2023/12/20/3", "source": "cve@mitre.org", "tags": [ "Mailing List", "Mitigation" ] }, { "url": "https://www.paramiko.org/changelog.html", "source": "cve@mitre.org", "tags": [ "Release Notes" ] }, { "url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/", "source": "cve@mitre.org", "tags": [ "Issue Tracking" ] }, { "url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/", "source": "cve@mitre.org", "tags": [ "Press/Media Coverage" ] }, { "url": "https://www.terrapin-attack.com", "source": "cve@mitre.org", "tags": [ "Exploit" ] }, { "url": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh", "source": "cve@mitre.org", "tags": [ "Press/Media Coverage" ] }, { "url": "https://www.vandyke.com/products/securecrt/history.txt", "source": "cve@mitre.org", "tags": [ "Release Notes" ] } ] }