CVE-2023-6918
LOWlibssh 0.9.0-0.9.8 - Denial of Service via Unchecked MD Return Values
Title source: llmDescription
A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.
References (9)
Core 9
Core References
Vendor Advisory
https://www.libssh.org/security/advisories/CVE-2023-6918.txt
Vendor Advisory
https://security.netapp.com/advisory/ntap-20250214-0009/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:2504
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:3233
Mailing List, Vendor Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2023-6918
Issue Tracking, Third Party Advisory issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2254997
Scores
CVSS v3
3.7
EPSS
0.0142
EPSS Percentile
69.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Details
CWE
CWE-252
Status
published
Products (5)
fedoraproject/fedora
38
fedoraproject/fedora
39
libssh/libssh
0.9.0 - 0.9.8
redhat/enterprise_linux
8.0
redhat/enterprise_linux
9.0
Published
Dec 19, 2023
Tracked Since
Feb 18, 2026