A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2024:2504 | |
https://access.redhat.com/errata/RHSA-2024:3233 | |
https://access.redhat.com/security/cve/CVE-2023-6918 | Mailing List Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2254997 | Issue Tracking Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/ | Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/ | Mailing List Vendor Advisory |
https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/ | Release Notes |
https://www.libssh.org/security/advisories/CVE-2023-6918.txt | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2023-12-18T23:27:48.540Z
Updated: 2024-05-22T17:06:45.568Z
Reserved: 2023-12-18T11:40:15.080Z
Link: CVE-2023-6918
JSON object: View
NVD Information
Status : Modified
Published: 2023-12-19T00:15:08.460
Modified: 2024-05-22T17:16:10.383
Link: CVE-2023-6918
JSON object: View
Redhat Information
No data.
CWE