Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2023-6918

A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.

Related bugs and status

CVE-2023-6918 (Candidate) is related to these bugs:

Bug #2047673: [Debian] Medium CVE: CVE-2023-6004/CVE-2023-6918/CVE-2023-48795 libssh : multiple CVEs

Summary				In	Importance	Status
	2047673	[Debian] Medium CVE: CVE-2023-6004/CVE-2023-6918/CVE-2023-48795 libssh : multiple CVEs		StarlingX	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugzilla.redha...
MISC: https://access.redhat....
MISC: https://www.libssh.org...
MISC: https://lists.fedorapr...
MISC: https://www.libssh.org...
MISC: https://lists.fedorapr...