Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-6004

Опубликовано: 03 янв. 2024
Источник: debian
EPSS Низкий

Описание

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libsshfixed0.10.6-1package

Примечания

  • https://www.libssh.org/security/advisories/CVE-2023-6004.txt

  • https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html

  • https://gitlab.com/libssh/libssh-mirror/-/commit/c2c56bacab00766d01671413321d564227aabf19 (libssh-0.10.6)

  • https://gitlab.com/libssh/libssh-mirror/-/commit/a66b4a6eae6614d200a3625862d77565b96a7cd3 (libssh-0.10.6)

  • https://gitlab.com/libssh/libssh-mirror/-/commit/8615c24647f773a5e04203c7459512715d698be1 (libssh-0.10.6)

  • https://gitlab.com/libssh/libssh-mirror/-/commit/c6180409677c765e6b9ae2b18a3a7a9671ac1dbe (libssh-0.10.6)

  • https://gitlab.com/libssh/libssh-mirror/-/commit/9bbb817c0c5434f03613d0783b2ef5f52235b901 (libssh-0.10.6)

  • https://gitlab.com/libssh/libssh-mirror/-/commit/22492b69bba22b102342afc574800d354a08e405 (libssh-0.10.6)

  • https://gitlab.com/libssh/libssh-mirror/-/commit/d7467498fd988949edde9c6384973250fd454a8b (libssh-0.10.6)

  • https://gitlab.com/libssh/libssh-mirror/-/commit/62d3101c1f76b6891b70c50154e0e934d6b8cb57 (libssh-0.10.6)

  • https://gitlab.com/libssh/libssh-mirror/-/commit/cea841d71c025f9c998b7d5fc9f2a2839df62921 (libssh-0.10.6)

  • https://gitlab.com/libssh/libssh-mirror/-/commit/2c492ee179d5caa2718c5e768bab6e0b2b64a8b0 (libssh-0.10.6)

  • Original patchset introduces a regression (with IPv6 parsing in ssh_options_set API):

  • https://gitlab.com/libssh/libssh-mirror/-/issues/227

EPSS

Процентиль: 22%
0.00069
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2023-6004

CVSS3: 4.8
ubuntu
больше 1 года назад

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.

redhat логотип

CVE-2023-6004

CVSS3: 4.8
redhat
больше 1 года назад

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.

nvd логотип

CVE-2023-6004

CVSS3: 4.8
nvd
больше 1 года назад

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.

msrc логотип

CVE-2023-6004

CVSS3: 4.8
msrc
3 месяца назад

Описание отсутствует

github логотип

GHSA-f35j-mfvw-p857

CVSS3: 3.9
github
больше 1 года назад

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.

EPSS

Процентиль: 22%
0.00069
Низкий