CVE-2023-6918

ADVISORY - nist

Summary

A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.

EPSS Score⁠: 0.00373 (0.585)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-252⁠

Unchecked Return Value

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-252⁠

Unchecked Return Value

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-252⁠

Unchecked Return Value

Impacted images

Advisories

NIST

CREATED

2 years ago

UPDATED

9 months ago

ADVISORY IDCVE-2023-6918⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-252⁠

CVSS SCORE

3.7low

Alpine

CREATED

2 years ago

UPDATED

1 month ago

ADVISORY IDCVE-2023-6918⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

2 years ago

UPDATED

1 month ago

ADVISORY IDCVE-2023-6918⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

2 years ago

UPDATED

8 months ago

ADVISORY IDCVE-2023-6918⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.3medium

GitLab

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CVE-2023-6918

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-252⁠CWE-937⁠

CVSS SCORE

9.1critical

Alma

CREATED

2 years ago

UPDATED

1 year ago

ADVISORY IDALSA-2024:2504⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Alma

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY IDALSA-2024:3233⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Red Hat

CREATED

2 years ago

UPDATED

8 months ago

ADVISORY IDCVE-2023-6918⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-252⁠

CVSS SCORE

3.7low

Rocky

CREATED

6 months ago

UPDATED

6 months ago

ADVISORY IDRLSA-2024:2504⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Rocky

CREATED

1 year ago

UPDATED

8 months ago

ADVISORY IDRLSA-2024:3233⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Oracle

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY IDELSA-2024-2504⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Oracle

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY IDELSA-2024-3233⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-4fww-r5j4-v938

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-5gpg-p7r2-f5wp

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Photon

CREATED

1 year ago

UPDATED

2 months ago

ADVISORY ID

CVE-2023-6918

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.3medium