説明
A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.
AI分析AIによる分析
影響を受ける製品
libsshlibssh
libsshlibssh
fedoraprojectfedora
38
fedoraprojectfedora
39
redhatenterprise_linux
8.0
redhatenterprise_linux
9.0
参照
- https://access.redhat.com/errata/RHSA-2024:2504
- https://access.redhat.com/errata/RHSA-2024:3233
- https://access.redhat.com/security/cve/CVE-2023-6918Mailing ListVendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2254997Issue TrackingThird Party Advisory
- https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/Release Notes
- https://www.libssh.org/security/advisories/CVE-2023-6918.txtVendor Advisory
- https://access.redhat.com/errata/RHSA-2024:2504
- https://access.redhat.com/errata/RHSA-2024:3233
- https://access.redhat.com/security/cve/CVE-2023-6918Mailing ListVendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2254997Issue TrackingThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/
- https://security.netapp.com/advisory/ntap-20250214-0009/
- https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/Release Notes
- https://www.libssh.org/security/advisories/CVE-2023-6918.txtVendor Advisory