CVE-2023-6918 - OpenCVE

A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Libssh	Libssh
Redhat	Enterprise Linux
Fedoraproject	Fedora

Configuration 1 [-]

OR	cpe:2.3:a:libssh:libssh::::::::
	cpe:2.3:a:libssh:libssh::::::::

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:38:::::::*
	cpe:2.3:o:fedoraproject:fedora:39:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

References

Link	Resource
https://access.redhat.com/errata/RHSA-2024:2504
https://access.redhat.com/errata/RHSA-2024:3233
https://access.redhat.com/security/cve/CVE-2023-6918	Mailing List Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2254997	Issue Tracking Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/	Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/	Mailing List Vendor Advisory
https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/	Release Notes
https://www.libssh.org/security/advisories/CVE-2023-6918.txt	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2023-12-18T23:27:48.540Z

Updated: 2024-05-22T17:06:45.568Z

Reserved: 2023-12-18T11:40:15.080Z

Link: CVE-2023-6918

JSON object: View

NVD Information

Status : Modified

Published: 2023-12-19T00:15:08.460

Modified: 2024-05-22T17:16:10.383

Link: CVE-2023-6918

JSON object: View

Redhat Information

No data.

CWE

CWE-252

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6918", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-12-18T11:40:15.080Z", "datePublished": "2023-12-18T23:27:48.540Z", "dateUpdated": "2024-05-22T17:06:45.568Z"}, "containers": {"cna": {"title": "Libssh: missing checks for return values for digests", "metrics": [{"other": {"content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh", "defaultStatus": "affected", "versions": [{"version": "0:0.9.6-14.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:8::baseos", "cpe:/a:redhat:enterprise_linux:8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh", "defaultStatus": "affected", "versions": [{"version": "0:0.9.6-14.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:8::baseos", "cpe:/a:redhat:enterprise_linux:8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh", "defaultStatus": "affected", "versions": [{"version": "0:0.10.4-13.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh", "defaultStatus": "affected", "versions": [{"version": "0:0.10.4-13.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh2", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh2", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:2504", "name": "RHSA-2024:2504", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3233", "name": "RHSA-2024:3233", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-6918", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254997", "name": "RHBZ#2254997", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/"}, {"url": "https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/"}, {"url": "https://www.libssh.org/security/advisories/CVE-2023-6918.txt"}], "datePublic": "2023-12-18T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-252", "description": "Unchecked Return Value", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-252: Unchecked Return Value", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "timeline": [{"lang": "en", "time": "2023-12-18T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-12-18T00:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Jack Weinstein (<mike.code.bb.h@gmail.com>) for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-05-22T17:06:45.568Z"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*", "matchCriteriaId": "4836788D-9936-404F-B0A8-DDDAC3969F20", "versionEndExcluding": "0.9.8", "versionStartIncluding": "0.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCB546AC-788C-422E-B6BD-756BF39BD0F5", "versionEndExcluding": "0.10.6", "versionStartIncluding": "0.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en la capa abstracta de implementaci\u00f3n de libssh para operaciones de resumen de mensajes (MD) implementadas por diferentes backends criptogr\u00e1ficos compatibles. Los valores de retorno de estos no se verificaron correctamente, lo que podr\u00eda causar fallas en situaciones de poca memoria, desreferencias NULL, fallas o uso de la memoria no inicializada como entrada para el KDF. En este caso, las claves que no coinciden resultar\u00e1n en fallas de descifrado/integridad, lo que terminar\u00e1 la conexi\u00f3n."}], "id": "CVE-2023-6918", "lastModified": "2024-05-22T17:16:10.383", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2023-12-19T00:15:08.460", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:2504"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:3233"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-6918"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254997"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/"}, {"source": "secalert@redhat.com", "tags": ["Release Notes"], "url": "https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://www.libssh.org/security/advisories/CVE-2023-6918.txt"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-252"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-252"}], "source": "secalert@redhat.com", "type": "Secondary"}]}