描述
A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.
AI分析AI驱动
受影响产品
libsshlibssh
libsshlibssh
fedoraprojectfedora
38
fedoraprojectfedora
39
redhatenterprise_linux
8.0
redhatenterprise_linux
9.0
参考资料
- https://access.redhat.com/errata/RHSA-2024:2504
- https://access.redhat.com/errata/RHSA-2024:3233
- https://access.redhat.com/security/cve/CVE-2023-6918Mailing ListVendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2254997Issue TrackingThird Party Advisory
- https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/Release Notes
- https://www.libssh.org/security/advisories/CVE-2023-6918.txtVendor Advisory
- https://access.redhat.com/errata/RHSA-2024:2504
- https://access.redhat.com/errata/RHSA-2024:3233
- https://access.redhat.com/security/cve/CVE-2023-6918Mailing ListVendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2254997Issue TrackingThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/
- https://security.netapp.com/advisory/ntap-20250214-0009/
- https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/Release Notes
- https://www.libssh.org/security/advisories/CVE-2023-6918.txtVendor Advisory