CVE-2023-51767

ADVISORY - nist

Summary

OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.

EPSS Score⁠: 0.00051 (0.211)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-other⁠

Impacted images

Advisories

NIST

CREATED

10 months ago

UPDATED

8 months ago

ADVISORY IDCVE-2023-51767⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-other⁠

CVSS SCORE

7high

Debian

CREATED

10 months ago

UPDATED

2 days ago

ADVISORY IDCVE-2023-51767⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

10 months ago

UPDATED

6 months ago

ADVISORY IDCVE-2023-51767⁠

EXPLOITABILITY SCORE

1.0

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7medium

Red Hat

CREATED

10 months ago

UPDATED

10 months ago

ADVISORY IDCVE-2023-51767⁠

EXPLOITABILITY SCORE

1.0

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7medium

Chainguard

CREATED

8 months ago

UPDATED

8 months ago

ADVISORY ID

CGA-48mc-52qc-4c82

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY