CVE-2023-51767

SOURCE - nist

Summary

OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.

EPSS Score: 0.00051 (0.195)

Common Weakness Enumeration (CWE)

SOURCE - nist

debian

CREATED


UPDATED



EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)
-

CVSS SCORE

N/A low
Package         Type  OS Name  OS Version  Affected Ranges          Fix Versions
debian/openssh  deb   debian   12          >=1:9.2p1-2+deb12u2      Not yet available
debian/openssh  deb   debian   unstable    >=1:9.7p1-5              Not yet available
debian/openssh  deb   debian   13          >=1:9.7p1-5              Not yet available
debian/openssh  deb   debian   10          >=1:7.9p1-10+deb10u2     Not yet available
debian/openssh  deb   debian   11          >=1:8.4p1-5+deb11u3      Not yet available

Severity and metrics

No CVSS data available from this source.

nist

CREATED


UPDATED



EXPLOITABILITY SCORE

1


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

7 high

ubuntu

CREATED


UPDATED



EXPLOITABILITY SCORE

1.0


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)
-

CVSS SCORE

7 medium

redhat

CREATED


UPDATED



EXPLOITABILITY SCORE

1.0


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)
-

CVSS SCORE

7 medium

chainguard

CREATED


UPDATED


SOURCE ID

CVE-2023-51767


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)
-
RATING UNAVAILABLE FROM SOURCE

wolfi

CREATED


UPDATED


SOURCE ID

CVE-2023-51767


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)
-
RATING UNAVAILABLE FROM SOURCE