CVE-2023-6918

Name: CVE-2023-6918
Description: A flaw was found in libssh's abstraction layer for message digest (MD) operations, which are implemented by the different supported crypto backends. The return values from these operations were not properly checked, which could cause failures in low-memory situations, NULL dereferences, crashes, or use of uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DSA-5591-1
Debian Bugs: 1059059

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| libssh (PTS) | jessie, jessie (lts) | 0.6.3-4+deb8u6 | vulnerable |
| | stretch (security) | 0.7.3-2+deb9u3 | vulnerable |
| | stretch (lts), stretch | 0.7.3-2+deb9u4 | vulnerable |
| | buster (security), buster, buster (lts) | 0.8.7-1+deb10u2 | vulnerable |
| | bullseye (security), bullseye | 0.9.8-0+deb11u1 | fixed |
| | bookworm (security), bookworm | 0.10.6-0+deb12u1 | fixed |
| | sid, trixie | 0.11.1-1 | fixed |

The information below is based on the following data on fixed versions.

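| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| libssh | source | jessie | (unfixed) | end-of-life | | |
| libssh | source | bullseye | 0.9.8-0+deb11u1 | | DSA-5591-1 | |
| libssh | source | bookworm | 0.10.6-0+deb12u1 | | DSA-5591-1 | |
| libssh | source | (unstable) | 0.10.6-1 | | | 1059059 |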

Notes

https://www.libssh.org/security/advisories/CVE-2023-6918.txt
https://gitlab.com/libssh/libssh-mirror/-/commit/610d7a09f99c601224ae2aa3d3de7e75b1d284dd (libssh-0.10.6)
https://gitlab.com/libssh/libssh-mirror/-/commit/63ff242131c8e6d98917456f71f6d33b9ef3a763 (libssh-0.10.6)
https://gitlab.com/libssh/libssh-mirror/-/commit/8b66d037d575e5f3ce4d35964547ff8c7e75ff8e (libssh-0.10.6)
https://gitlab.com/libssh/libssh-mirror/-/commit/8977e246b6d7ae467cab008a49e0a9e3d84bc2a0 (libssh-0.10.6)
https://gitlab.com/libssh/libssh-mirror/-/commit/622421018b58392ffecc29726b947e089b678221 (libssh-0.10.6)
