CVE Vulnerabilities

CVE-2023-2283

Improper Authentication

Published: May 26, 2023 | Modified: Feb 01, 2024
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
4.8 MODERATE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Ubuntu
MEDIUM

A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in thepki_verify_data_signature function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value rc, which is initialized to SSH_ERROR and later rewritten to save the return value of the function call pki_key_check_hash_compatible. The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls goto error returning SSH_OK.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Libssh Libssh 0.9.1 (including) 0.9.6 (including)
Libssh Libssh 0.10.0 (including) 0.10.4 (including)
Red Hat Enterprise Linux 8 RedHat libssh-0:0.9.6-10.el8_8 *
Red Hat Enterprise Linux 8 RedHat libssh-0:0.9.6-10.el8_8 *
Red Hat Enterprise Linux 8.6 Extended Update Support RedHat libssh-0:0.9.6-4.el8_6 *
Red Hat Enterprise Linux 9 RedHat libssh-0:0.10.4-11.el9 *
Red Hat Enterprise Linux 9 RedHat libssh-0:0.10.4-11.el9 *
Libssh Ubuntu bionic *
Libssh Ubuntu devel *
Libssh Ubuntu focal *
Libssh Ubuntu jammy *
Libssh Ubuntu kinetic *
Libssh Ubuntu lunar *
Libssh Ubuntu mantic *
Libssh Ubuntu trusty *
Libssh Ubuntu upstream *
Libssh Ubuntu xenial *

Potential Mitigations

References