CVE-2023-6918

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Dec 19, 2023

Updated: May 22, 2024

CWE ID 252

Summary

CVE-2023-6918 is a vulnerability affecting the libssh library's message digest (MD) operations in various crypto backends. The abstract layer for these operations does not adequately check return values, leading to potential low-memory situations, crashes, NULL dereferences, or usage of uninitialized memory as input for the Key Derivation Function (KDF). Consequently, non-matching keys may result in decryption or integrity failures, ultimately terminating the connection.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Red Hat Enterprise Linux
Fedora Operating System

Affected Vendors

Red Hat
Fedora Project

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/t2ANt-
https://www.cve.org/CVERecord?id=CVE-2023-6918
https://nvd.nist.gov/vuln/detail/CVE-2023-6918

Back to Vulnerability Database