Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-48795 (GCVE-0-2023-48795)
Vulnerability from cvelistv5 – Published: 2023-12-18 00:00 – Updated: 2026-05-12 11:02
VLAI
EPSS
Summary
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.
Severity
5.9 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-354 - Improper Validation of Integrity Check Value
Assigner
References
139 references
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | RUGGEDCOM APE1808 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T22:05:21.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://matt.ucc.asn.au/dropbear/CHANGES"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.netsarang.com/en/xshell-update-history/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.paramiko.org/changelog.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssh.com/openbsd.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openssh/openssh-portable/commits/master"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.bitvise.com/ssh-server-version-history"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ronf/asyncssh/tags"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/libssh/libssh-mirror/-/tags"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssh.com/txt/release-9.6"
},
{
"tags": [
"x_transferred"
],
"url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.terrapin-attack.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst"
},
{
"tags": [
"x_transferred"
],
"url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/12/18/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://twitter.com/TrueSkrillor/status/1736774389725565005"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/paramiko/paramiko/issues/2337"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=38684904"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=38685286"
},
{
"name": "[oss-security] 20231218 CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/18/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mwiede/jsch/issues/457"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-45x7-px36-x8w8"
},
{
"tags": [
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/source-package/libssh2"
},
{
"tags": [
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg"
},
{
"tags": [
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2023-48795"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.gentoo.org/920280"
},
{
"tags": [
"x_transferred"
],
"url": "https://ubuntu.com/security/CVE-2023-48795"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2023-48795"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mwiede/jsch/pull/461"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libssh2/libssh2/pull/1291"
},
{
"tags": [
"x_transferred"
],
"url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rapier1/hpn-ssh/releases"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/proftpd/proftpd/issues/456"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15"
},
{
"tags": [
"x_transferred"
],
"url": "https://oryx-embedded.com/download/#changelog"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3"
},
{
"tags": [
"x_transferred"
],
"url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC"
},
{
"tags": [
"x_transferred"
],
"url": "https://crates.io/crates/thrussh/versions"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/NixOS/nixpkgs/pull/275249"
},
{
"name": "[oss-security] 20231219 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/19/5"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc"
},
{
"tags": [
"x_transferred"
],
"url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/"
},
{
"name": "[oss-security] 20231220 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/20/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/mina-sshd/issues/445"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/hierynomus/sshj/issues/916"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/janmojzis/tinyssh/issues/81"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/12/20/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16"
},
{
"name": "FEDORA-2023-0733306be9",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/"
},
{
"name": "DSA-5586",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5586"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh"
},
{
"tags": [
"x_transferred"
],
"url": "https://filezilla-project.org/versions.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://nova.app/releases/#v11.8"
},
{
"tags": [
"x_transferred"
],
"url": "https://roumenpetrov.info/secsh/#news20231220"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.vandyke.com/products/securecrt/history.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://help.panic.com/releasenotes/transmit5/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189"
},
{
"tags": [
"x_transferred"
],
"url": "https://winscp.net/eng/docs/history#6.2.2"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.bitvise.com/ssh-client-version-history#933"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cyd01/KiTTY/issues/520"
},
{
"name": "DSA-5588",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5588"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ssh-mitm/ssh-mitm/issues/165"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=38732005"
},
{
"name": "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"
},
{
"name": "GLSA-202312-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-16"
},
{
"name": "GLSA-202312-17",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-17"
},
{
"name": "FEDORA-2023-20feb865d8",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/"
},
{
"name": "FEDORA-2023-cb8c606fbb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/"
},
{
"name": "FEDORA-2023-e77300e4b5",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/"
},
{
"name": "FEDORA-2023-b87ec6cf47",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/"
},
{
"name": "FEDORA-2023-153404713b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240105-0004/"
},
{
"name": "FEDORA-2024-3bb23c77f3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/"
},
{
"name": "FEDORA-2023-55800423a8",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/"
},
{
"name": "FEDORA-2024-d946b9ad25",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/"
},
{
"name": "FEDORA-2024-71c2c6526c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/"
},
{
"name": "FEDORA-2024-39a8c72ea9",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/"
},
{
"tags": [
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002"
},
{
"name": "FEDORA-2024-ae653fb07b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
},
{
"name": "FEDORA-2024-2705241461",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/"
},
{
"name": "FEDORA-2024-fb32950d11",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
},
{
"name": "FEDORA-2024-7b08207cdb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/"
},
{
"name": "FEDORA-2024-06ebb70bdd",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/"
},
{
"name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3718-1] php-phpseclib security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html"
},
{
"name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3719-1] phpseclib security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html"
},
{
"name": "FEDORA-2024-a53b24023d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/"
},
{
"name": "FEDORA-2024-3fd1bc9276",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214084"
},
{
"name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"name": "[debian-lts-announce] 20240425 [SECURITY] [DLA 3794-1] putty security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html"
},
{
"name": "[oss-security] 20240417 Terrapin vulnerability in Jenkins CLI client",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/17/8"
},
{
"name": "[oss-security] 20240306 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/06/3"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-48795",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-22T05:01:05.519910Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354 Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T20:45:57.733Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM APE1808",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:02:25.905Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-794697.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-364175.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-769027.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T18:06:23.972Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html"
},
{
"url": "https://matt.ucc.asn.au/dropbear/CHANGES"
},
{
"url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES"
},
{
"url": "https://www.netsarang.com/en/xshell-update-history/"
},
{
"url": "https://www.paramiko.org/changelog.html"
},
{
"url": "https://www.openssh.com/openbsd.html"
},
{
"url": "https://github.com/openssh/openssh-portable/commits/master"
},
{
"url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ"
},
{
"url": "https://www.bitvise.com/ssh-server-version-history"
},
{
"url": "https://github.com/ronf/asyncssh/tags"
},
{
"url": "https://gitlab.com/libssh/libssh-mirror/-/tags"
},
{
"url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/"
},
{
"url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42"
},
{
"url": "https://www.openssh.com/txt/release-9.6"
},
{
"url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/"
},
{
"url": "https://www.terrapin-attack.com"
},
{
"url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25"
},
{
"url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst"
},
{
"url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/"
},
{
"url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2"
},
{
"url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/12/18/2"
},
{
"url": "https://twitter.com/TrueSkrillor/status/1736774389725565005"
},
{
"url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d"
},
{
"url": "https://github.com/paramiko/paramiko/issues/2337"
},
{
"url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg"
},
{
"url": "https://news.ycombinator.com/item?id=38684904"
},
{
"url": "https://news.ycombinator.com/item?id=38685286"
},
{
"name": "[oss-security] 20231218 CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/18/3"
},
{
"url": "https://github.com/mwiede/jsch/issues/457"
},
{
"url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6"
},
{
"url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1"
},
{
"url": "https://github.com/advisories/GHSA-45x7-px36-x8w8"
},
{
"url": "https://security-tracker.debian.org/tracker/source-package/libssh2"
},
{
"url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2023-48795"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"url": "https://bugs.gentoo.org/920280"
},
{
"url": "https://ubuntu.com/security/CVE-2023-48795"
},
{
"url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/"
},
{
"url": "https://access.redhat.com/security/cve/cve-2023-48795"
},
{
"url": "https://github.com/mwiede/jsch/pull/461"
},
{
"url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6"
},
{
"url": "https://github.com/libssh2/libssh2/pull/1291"
},
{
"url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack"
},
{
"url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5"
},
{
"url": "https://github.com/rapier1/hpn-ssh/releases"
},
{
"url": "https://github.com/proftpd/proftpd/issues/456"
},
{
"url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1"
},
{
"url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15"
},
{
"url": "https://oryx-embedded.com/download/#changelog"
},
{
"url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update"
},
{
"url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22"
},
{
"url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab"
},
{
"url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3"
},
{
"url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC"
},
{
"url": "https://crates.io/crates/thrussh/versions"
},
{
"url": "https://github.com/NixOS/nixpkgs/pull/275249"
},
{
"name": "[oss-security] 20231219 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/19/5"
},
{
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc"
},
{
"url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/"
},
{
"name": "[oss-security] 20231220 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/20/3"
},
{
"url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html"
},
{
"url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES"
},
{
"url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES"
},
{
"url": "https://github.com/apache/mina-sshd/issues/445"
},
{
"url": "https://github.com/hierynomus/sshj/issues/916"
},
{
"url": "https://github.com/janmojzis/tinyssh/issues/81"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/12/20/3"
},
{
"url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2"
},
{
"url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16"
},
{
"name": "FEDORA-2023-0733306be9",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/"
},
{
"name": "DSA-5586",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5586"
},
{
"url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508"
},
{
"url": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh"
},
{
"url": "https://filezilla-project.org/versions.php"
},
{
"url": "https://nova.app/releases/#v11.8"
},
{
"url": "https://roumenpetrov.info/secsh/#news20231220"
},
{
"url": "https://www.vandyke.com/products/securecrt/history.txt"
},
{
"url": "https://help.panic.com/releasenotes/transmit5/"
},
{
"url": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta"
},
{
"url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189"
},
{
"url": "https://winscp.net/eng/docs/history#6.2.2"
},
{
"url": "https://www.bitvise.com/ssh-client-version-history#933"
},
{
"url": "https://github.com/cyd01/KiTTY/issues/520"
},
{
"name": "DSA-5588",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5588"
},
{
"url": "https://github.com/ssh-mitm/ssh-mitm/issues/165"
},
{
"url": "https://news.ycombinator.com/item?id=38732005"
},
{
"name": "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"
},
{
"name": "GLSA-202312-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202312-16"
},
{
"name": "GLSA-202312-17",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202312-17"
},
{
"name": "FEDORA-2023-20feb865d8",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/"
},
{
"name": "FEDORA-2023-cb8c606fbb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/"
},
{
"name": "FEDORA-2023-e77300e4b5",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/"
},
{
"name": "FEDORA-2023-b87ec6cf47",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/"
},
{
"name": "FEDORA-2023-153404713b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240105-0004/"
},
{
"name": "FEDORA-2024-3bb23c77f3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/"
},
{
"name": "FEDORA-2023-55800423a8",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/"
},
{
"name": "FEDORA-2024-d946b9ad25",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/"
},
{
"name": "FEDORA-2024-71c2c6526c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/"
},
{
"name": "FEDORA-2024-39a8c72ea9",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/"
},
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002"
},
{
"name": "FEDORA-2024-ae653fb07b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
},
{
"name": "FEDORA-2024-2705241461",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/"
},
{
"name": "FEDORA-2024-fb32950d11",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
},
{
"name": "FEDORA-2024-7b08207cdb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/"
},
{
"name": "FEDORA-2024-06ebb70bdd",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/"
},
{
"name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3718-1] php-phpseclib security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html"
},
{
"name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3719-1] phpseclib security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html"
},
{
"name": "FEDORA-2024-a53b24023d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/"
},
{
"name": "FEDORA-2024-3fd1bc9276",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/"
},
{
"url": "https://support.apple.com/kb/HT214084"
},
{
"name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"name": "[debian-lts-announce] 20240425 [SECURITY] [DLA 3794-1] putty security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html"
},
{
"name": "[oss-security] 20240417 Terrapin vulnerability in Jenkins CLI client",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/17/8"
},
{
"name": "[oss-security] 20240306 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/06/3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-48795",
"datePublished": "2023-12-18T00:00:00.000Z",
"dateReserved": "2023-11-20T00:00:00.000Z",
"dateUpdated": "2026-05-12T11:02:25.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-48795",
"date": "2026-06-27",
"epss": "0.93305",
"percentile": "0.99822"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"9.6\", \"matchCriteriaId\": \"5308FBBB-F738-41C5-97A4-E40118E957CD\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:putty:putty:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"0.80\", \"matchCriteriaId\": \"A9D807DB-9E20-4792-8A9F-4BFFC841BAB7\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:filezilla-project:filezilla_client:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.66.4\", \"matchCriteriaId\": \"42915485-A4DA-48DD-9C15-415D2D39DC52\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"11.1.0\", \"matchCriteriaId\": \"9F37C9AC-185F-403A-A79B-2D5C8E11AFC4\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"387021A0-AF36-463C-A605-32EA7DAC172E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:panic:transmit_5:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"5.10.4\", \"matchCriteriaId\": \"31FFE0AA-FC25-40DE-8EE9-7F4C80ABDE4F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"387021A0-AF36-463C-A605-32EA7DAC172E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:panic:nova:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.8\", \"matchCriteriaId\": \"F2FCF7EF-97D7-44CF-AC74-72D856901755\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:roumenpetrov:pkixssh:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"14.4\", \"matchCriteriaId\": \"53CAD263-1C60-43BD-86A2-C8DB15FFB4C6\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"6.2.2\", \"matchCriteriaId\": \"8FA57F20-C9C1-40A7-B2CD-F3440CCF1D66\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bitvise:ssh_client:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"9.33\", \"matchCriteriaId\": \"6209E375-10C7-4E65-A2E7-455A686717AC\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bitvise:ssh_server:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"9.32\", \"matchCriteriaId\": \"1A05CC3C-19C5-4BAA-ABA2-EE1795E0BE81\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lancom-systems:lcos:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.66.4\", \"matchCriteriaId\": \"3A71B523-0778-46C6-A38B-64452E0BB6E7\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lancom-systems:lcos_fx:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1C91308-15E5-40AF-B4D5-3CAD7BC65DDF\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lancom-systems:lcos_lx:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"418940E3-6DD1-4AA6-846A-03E059D0C681\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lancom-systems:lcos_sx:4.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"411BA58A-33B6-44CA-B9D6-7F9042D46961\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lancom-systems:lcos_sx:5.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA17A153-30E4-4731-8706-8F74FCA50993\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lancom-systems:lanconfig:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FB736F57-9BE3-4457-A10E-FA88D0932154\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vandyke:securecrt:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"9.4.3\", \"matchCriteriaId\": \"6EB8D02D-87F3-414D-A3EA-43F594DAAC1B\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"0.10.6\", \"matchCriteriaId\": \"AAB481DA-FBFE-4CC2-9AE7-22025FA07494\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:net-ssh:net-ssh:7.2.0:*:*:*:*:ruby:*:*\", \"matchCriteriaId\": \"3D6FD459-F8E8-4126-8097-D30B4639404A\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ssh2_project:ssh2:*:*:*:*:*:node.js:*:*\", \"versionEndIncluding\": \"1.11.0\", \"matchCriteriaId\": \"69510F52-C699-4E7D-87EF-7000682888F0\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:proftpd:proftpd:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.3.8b\", \"matchCriteriaId\": \"9461430B-3709-45B6-8858-2101F5AE4481\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"12.4\", \"matchCriteriaId\": \"B9A01DF3-E20E-4F29-B5CF-DDF717D01E74\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:crates:thrussh:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"0.35.1\", \"matchCriteriaId\": \"D25EB73D-6145-4B7D-8F14-80FD0B458E99\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tera_term_project:tera_term:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.1\", \"matchCriteriaId\": \"77594DEC-B5F7-4911-A13D-FFE91C74BAFA\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oryx-embedded:cyclone_ssh:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.3.4\", \"matchCriteriaId\": \"F8FF7E74-2351-4CD9-B717-FA28893293A1\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10.6.0\", \"matchCriteriaId\": \"82A93C12-FEB6-4E82-B283-0ED7820D807E\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netsarang:xshell_7:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"build__0144\", \"matchCriteriaId\": \"B480AE79-2FA1-4281-9F0D-0DE812B9354D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:paramiko:paramiko:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.4.0\", \"matchCriteriaId\": \"826B6323-06F8-4B96-8771-3FA15A727B08\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"932D137F-528B-4526-9A89-CD59FA1AB0FE\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DCC81071-B46D-4F5D-AC25-B4A4CCC20C73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B3000D2-35DF-4A93-9FC0-1AD3AB8349B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E315FC5C-FF19-43C9-A58A-CF2A5FF13824\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:ceph_storage:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA7EAD12-E398-44AF-9859-F3CA6C63BA6B\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4CFF558-3C47-480D-A2F0-BABF26042943\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_serverless:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"77675CB7-67D7-44E9-B7FF-D224B3341AA5\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_gitops:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C0AAA300-691A-4957-8B69-F6888CC971B1\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_pipelines:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"45937289-2D64-47CB-A750-5B4F0D4664A0\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97321212-0E07-4CC2-A917-7B5F61AB9A5A\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_data_foundation:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0E2C021C-A9F0-4EB4-ADED-81D8B57B4563\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_api_for_data_protection:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7BF8EFFB-5686-4F28-A68F-1A8854E098CE\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_virtualization:4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9C877879-B84B-471C-80CF-0656521CA8AB\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:storage:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"379A5883-F6DF-41F5-9403-8D17F6605737\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:discovery:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B5B1D946-5978-4818-BF21-A43D9C1365E1\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_dev_spaces:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"99B8A88B-0B31-4CFF-AFD7-C9D3DDD5790D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:cert-manager_operator_for_red_hat_openshift:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D5A7736-A403-4617-8790-18E46CB74DA6\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6E0DE4E1-5D8D-40F3-8AC8-C7F736966158\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"88BF3B2C-B121-483A-AEF2-8082F6DA5310\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:advanced_cluster_security:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F0FD736A-8730-446A-BA3A-7B608DB62B0E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:advanced_cluster_security:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4C504B6-3902-46E2-82B7-48AEC9CDD48D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:golang:crypto:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"0.17.0\", \"matchCriteriaId\": \"F92E56DF-98DF-4328-B37E-4D5744E4103D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:russh_project:russh:*:*:*:*:*:rust:*:*\", \"versionEndExcluding\": \"0.40.2\", \"matchCriteriaId\": \"AC12508E-3C31-44EA-B4F3-29316BE9B189\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sftpgo_project:sftpgo:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.5.6\", \"matchCriteriaId\": \"1750028C-698D-4E84-B727-8A155A46ADEB\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:erlang:erlang\\\\/otp:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"26.2.1\", \"matchCriteriaId\": \"3A9A8E99-7F4A-4B74-B86B-8B3E8B2A8776\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matez:jsch:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"0.2.15\", \"matchCriteriaId\": \"61119DB3-4336-4D3B-863A-0CCF4146E5C1\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.11.1\", \"matchCriteriaId\": \"7BFDD272-3DF0-4E3F-B69A-E7ABF4B18B24\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:asyncssh_project:asyncssh:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.14.2\", \"matchCriteriaId\": \"FAE46983-0ABC-49F7-AC18-A78FAC7E73AA\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2022.83\", \"matchCriteriaId\": \"06BF3368-F232-4E6B-883E-A591EED5C827\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jadaptive:maverick_synergy_java_ssh_api:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.1.0-snapshot\", \"matchCriteriaId\": \"36531FB6-5682-4BF1-9785-E9D6D1C4207B\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ssh:ssh:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"5.11\", \"matchCriteriaId\": \"514ED687-0D7B-479B-82C5-7EB1A5EEC94C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:thorntech:sftp_gateway_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.4.6\", \"matchCriteriaId\": \"83B1AF39-C0B9-4031-B19A-BDDD4F337273\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netgate:pfsense_plus:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"23.09.1\", \"matchCriteriaId\": \"2B71B0EF-888E-45E2-A055-F59CDCC1AFC7\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netgate:pfsense_ce:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.7.2\", \"matchCriteriaId\": \"8F23CDF7-2881-4B4E-B84F-4E04F4ED8CCF\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.6.0\", \"matchCriteriaId\": \"C1795F7A-203F-400E-B09C-0FAF16D01CFC\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connectbot:sshlib:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.2.22\", \"matchCriteriaId\": \"0D79DDDD-02F0-4C12-BE7F-1B9DF1722C7A\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:sshd:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.11.0\", \"matchCriteriaId\": \"E2D7B0CA-C01F-4296-9425-48299E3889C5\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:sshj:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"0.37.0\", \"matchCriteriaId\": \"1C3EB0B8-9E76-4146-AB02-02E20B91D55C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tinyssh:tinyssh:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"20230101\", \"matchCriteriaId\": \"0582468A-149B-429F-978A-2AEDF4BE2606\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:trilead:ssh2:6401:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E4BAF06-5A79-46D7-8C4F-E670BD6B7C2D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:9bis:kitty:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"0.76.1.13\", \"matchCriteriaId\": \"98321BF9-5E8F-4836-842C-47713B1C2775\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:security:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"76BDAFDE-4515-42E6-820F-38AF4A786CF2\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5920923E-0D52-44E5-801D-10B82846ED58\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.0\", \"versionEndExcluding\": \"14.4\", \"matchCriteriaId\": \"73160D1F-755B-46D2-969F-DF8E43BB1099\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.\"}, {\"lang\": \"es\", \"value\": \"El protocolo de transporte SSH con ciertas extensiones OpenSSH, que se encuentra en OpenSSH anterior a 9.6 y otros productos, permite a atacantes remotos eludir las comprobaciones de integridad de modo que algunos paquetes se omiten (del mensaje de negociaci\\u00f3n de extensi\\u00f3n) y, en consecuencia, un cliente y un servidor pueden terminar con una conexi\\u00f3n para la cual algunas caracter\\u00edsticas de seguridad han sido degradadas o deshabilitadas, tambi\\u00e9n conocido como un ataque Terrapin. Esto ocurre porque SSH Binary Packet Protocol (BPP), implementado por estas extensiones, maneja mal la fase de protocolo de enlace y el uso de n\\u00fameros de secuencia. Por ejemplo, existe un ataque eficaz contra ChaCha20-Poly1305 (y CBC con Encrypt-then-MAC). La omisi\\u00f3n se produce en chacha20-poly1305@openssh.com y (si se utiliza CBC) en los algoritmos MAC -etm@openssh.com. Esto tambi\\u00e9n afecta a Maverick Synergy Java SSH API anterior a 3.1.0-SNAPSHOT, Dropbear hasta 2022.83, Ssh anterior a 5.1.1 en Erlang/OTP, PuTTY anterior a 0.80 y AsyncSSH anterior a 2.14.2; y podr\\u00eda haber efectos en Bitvise SSH hasta la versi\\u00f3n 9.31, libssh hasta la 0.10.5 y golang.org/x/crypto hasta el 17 de diciembre de 2023.\"}]",
"id": "CVE-2023-48795",
"lastModified": "2024-12-02T14:54:27.177",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}]}",
"published": "2023-12-18T16:15:10.897",
"references": "[{\"url\": \"http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Mar/21\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/18/3\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/19/5\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/20/3\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Mitigation\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/06/3\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/17/8\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://access.redhat.com/security/cve/cve-2023-48795\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Press/Media Coverage\"]}, {\"url\": \"https://bugs.gentoo.org/920280\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2254210\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=1217950\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://crates.io/crates/thrussh/versions\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://filezilla-project.org/versions.php\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://forum.netgate.com/topic/184941/terrapin-ssh-attack\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/NixOS/nixpkgs/pull/275249\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/PowerShell/Win32-OpenSSH/issues/2189\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/TeraTermProject/teraterm/releases/tag/v5.1\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/advisories/GHSA-45x7-px36-x8w8\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/apache/mina-sshd/issues/445\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/cyd01/KiTTY/issues/520\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/drakkan/sftpgo/releases/tag/v2.5.6\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/erlang/otp/releases/tag/OTP-26.2.1\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/hierynomus/sshj/issues/916\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/janmojzis/tinyssh/issues/81\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/libssh2/libssh2/pull/1291\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mitigation\"]}, {\"url\": \"https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15\", \"source\": \"cve@mitre.org\", \"tags\": [\"Product\"]}, {\"url\": \"https://github.com/mwiede/jsch/issues/457\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/mwiede/jsch/pull/461\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/openssh/openssh-portable/commits/master\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/paramiko/paramiko/issues/2337\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/proftpd/proftpd/issues/456\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/rapier1/hpn-ssh/releases\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/ronf/asyncssh/tags\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/ssh-mitm/ssh-mitm/issues/165\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/warp-tech/russh/releases/tag/v0.40.2\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://gitlab.com/libssh/libssh-mirror/-/tags\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://help.panic.com/releasenotes/transmit5/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Press/Media Coverage\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://matt.ucc.asn.au/dropbear/CHANGES\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://news.ycombinator.com/item?id=38684904\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://news.ycombinator.com/item?id=38685286\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://news.ycombinator.com/item?id=38732005\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://nova.app/releases/#v11.8\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://oryx-embedded.com/download/#changelog\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://roumenpetrov.info/secsh/#news20231220\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://security-tracker.debian.org/tracker/CVE-2023-48795\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security-tracker.debian.org/tracker/source-package/libssh2\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security-tracker.debian.org/tracker/source-package/trilead-ssh2\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://security.gentoo.org/glsa/202312-16\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202312-17\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240105-0004/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT214084\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://thorntech.com/cve-2023-48795-and-sftp-gateway/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://twitter.com/TrueSkrillor/status/1736774389725565005\", \"source\": \"cve@mitre.org\", \"tags\": [\"Press/Media Coverage\"]}, {\"url\": \"https://ubuntu.com/security/CVE-2023-48795\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://winscp.net/eng/docs/history#6.2.2\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.bitvise.com/ssh-client-version-history#933\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.bitvise.com/ssh-server-version-history\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5586\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5588\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.netsarang.com/en/xshell-update-history/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.openssh.com/openbsd.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.openssh.com/txt/release-9.6\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.openwall.com/lists/oss-security/2023/12/18/2\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://www.openwall.com/lists/oss-security/2023/12/20/3\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Mitigation\"]}, {\"url\": \"https://www.paramiko.org/changelog.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Press/Media Coverage\"]}, {\"url\": \"https://www.terrapin-attack.com\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://www.theregister.com/2023/12/20/terrapin_attack_ssh\", \"source\": \"cve@mitre.org\", \"tags\": [\"Press/Media Coverage\"]}, {\"url\": \"https://www.vandyke.com/products/securecrt/history.txt\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Mar/21\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/18/3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/19/5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/20/3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Mitigation\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/06/3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/17/8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://access.redhat.com/security/cve/cve-2023-48795\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Press/Media Coverage\"]}, {\"url\": \"https://bugs.gentoo.org/920280\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2254210\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=1217950\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://crates.io/crates/thrussh/versions\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://filezilla-project.org/versions.php\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://forum.netgate.com/topic/184941/terrapin-ssh-attack\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/NixOS/nixpkgs/pull/275249\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/PowerShell/Win32-OpenSSH/issues/2189\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/TeraTermProject/teraterm/releases/tag/v5.1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/advisories/GHSA-45x7-px36-x8w8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/apache/mina-sshd/issues/445\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/cyd01/KiTTY/issues/520\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/drakkan/sftpgo/releases/tag/v2.5.6\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/erlang/otp/releases/tag/OTP-26.2.1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/hierynomus/sshj/issues/916\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/janmojzis/tinyssh/issues/81\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/libssh2/libssh2/pull/1291\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\"]}, {\"url\": \"https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\"]}, {\"url\": \"https://github.com/mwiede/jsch/issues/457\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/mwiede/jsch/pull/461\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/openssh/openssh-portable/commits/master\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/paramiko/paramiko/issues/2337\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/proftpd/proftpd/issues/456\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/rapier1/hpn-ssh/releases\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/ronf/asyncssh/tags\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/ssh-mitm/ssh-mitm/issues/165\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/warp-tech/russh/releases/tag/v0.40.2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://gitlab.com/libssh/libssh-mirror/-/tags\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://help.panic.com/releasenotes/transmit5/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Press/Media Coverage\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://matt.ucc.asn.au/dropbear/CHANGES\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://news.ycombinator.com/item?id=38684904\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://news.ycombinator.com/item?id=38685286\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://news.ycombinator.com/item?id=38732005\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://nova.app/releases/#v11.8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://oryx-embedded.com/download/#changelog\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://roumenpetrov.info/secsh/#news20231220\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://security-tracker.debian.org/tracker/CVE-2023-48795\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security-tracker.debian.org/tracker/source-package/libssh2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security-tracker.debian.org/tracker/source-package/trilead-ssh2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://security.gentoo.org/glsa/202312-16\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202312-17\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240105-0004/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT214084\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://thorntech.com/cve-2023-48795-and-sftp-gateway/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://twitter.com/TrueSkrillor/status/1736774389725565005\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Press/Media Coverage\"]}, {\"url\": \"https://ubuntu.com/security/CVE-2023-48795\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://winscp.net/eng/docs/history#6.2.2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.bitvise.com/ssh-client-version-history#933\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.bitvise.com/ssh-server-version-history\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5586\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5588\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.netsarang.com/en/xshell-update-history/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.openssh.com/openbsd.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.openssh.com/txt/release-9.6\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.openwall.com/lists/oss-security/2023/12/18/2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://www.openwall.com/lists/oss-security/2023/12/20/3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Mitigation\"]}, {\"url\": \"https://www.paramiko.org/changelog.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Press/Media Coverage\"]}, {\"url\": \"https://www.terrapin-attack.com\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://www.theregister.com/2023/12/20/terrapin_attack_ssh\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Press/Media Coverage\"]}, {\"url\": \"https://www.vandyke.com/products/securecrt/history.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-354\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-48795\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2023-12-18T16:15:10.897\",\"lastModified\":\"2026-06-17T06:34:59.200\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.\"},{\"lang\":\"es\",\"value\":\"El protocolo de transporte SSH con ciertas extensiones OpenSSH, que se encuentra en OpenSSH anterior a 9.6 y otros productos, permite a atacantes remotos eludir las comprobaciones de integridad de modo que algunos paquetes se omiten (del mensaje de negociaci\u00f3n de extensi\u00f3n) y, en consecuencia, un cliente y un servidor pueden terminar con una conexi\u00f3n para la cual algunas caracter\u00edsticas de seguridad han sido degradadas o deshabilitadas, tambi\u00e9n conocido como un ataque Terrapin. Esto ocurre porque SSH Binary Packet Protocol (BPP), implementado por estas extensiones, maneja mal la fase de protocolo de enlace y el uso de n\u00fameros de secuencia. Por ejemplo, existe un ataque eficaz contra ChaCha20-Poly1305 (y CBC con Encrypt-then-MAC). La omisi\u00f3n se produce en chacha20-poly1305@openssh.com y (si se utiliza CBC) en los algoritmos MAC -etm@openssh.com. Esto tambi\u00e9n afecta a Maverick Synergy Java SSH API anterior a 3.1.0-SNAPSHOT, Dropbear hasta 2022.83, Ssh anterior a 5.1.1 en Erlang/OTP, PuTTY anterior a 0.80 y AsyncSSH anterior a 2.14.2; y podr\u00eda haber efectos en Bitvise SSH hasta la versi\u00f3n 9.31, libssh hasta la 0.10.5 y golang.org/x/crypto hasta el 17 de diciembre de 2023.\"}],\"affected\":[{\"source\":\"cve@mitre.org\",\"affectedData\":[{\"vendor\":\"n/a\",\"product\":\"n/a\",\"versions\":[{\"version\":\"n/a\",\"status\":\"affected\"}]}]},{\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\",\"affectedData\":[{\"vendor\":\"Siemens\",\"product\":\"RUGGEDCOM APE1808\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.5\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.5\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.5\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.5\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.5\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2023-12-22T05:01:05.519910Z\",\"id\":\"CVE-2023-48795\",\"options\":[{\"exploitation\":\"poc\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-354\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-354\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.6\",\"matchCriteriaId\":\"5308FBBB-F738-41C5-97A4-E40118E957CD\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:putty:putty:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.80\",\"matchCriteriaId\":\"A9D807DB-9E20-4792-8A9F-4BFFC841BAB7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:filezilla-project:filezilla_client:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.66.4\",\"matchCriteriaId\":\"42915485-A4DA-48DD-9C15-415D2D39DC52\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"387021A0-AF36-463C-A605-32EA7DAC172E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:panic:transmit_5:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.10.4\",\"matchCriteriaId\":\"31FFE0AA-FC25-40DE-8EE9-7F4C80ABDE4F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"387021A0-AF36-463C-A605-32EA7DAC172E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:panic:nova:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.8\",\"matchCriteriaId\":\"F2FCF7EF-97D7-44CF-AC74-72D856901755\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:roumenpetrov:pkixssh:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"14.4\",\"matchCriteriaId\":\"53CAD263-1C60-43BD-86A2-C8DB15FFB4C6\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.2.2\",\"matchCriteriaId\":\"8FA57F20-C9C1-40A7-B2CD-F3440CCF1D66\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bitvise:ssh_client:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.33\",\"matchCriteriaId\":\"6209E375-10C7-4E65-A2E7-455A686717AC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bitvise:ssh_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.32\",\"matchCriteriaId\":\"1A05CC3C-19C5-4BAA-ABA2-EE1795E0BE81\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lancom-systems:lcos:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.66.4\",\"matchCriteriaId\":\"3A71B523-0778-46C6-A38B-64452E0BB6E7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lancom-systems:lcos_fx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1C91308-15E5-40AF-B4D5-3CAD7BC65DDF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lancom-systems:lcos_lx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"418940E3-6DD1-4AA6-846A-03E059D0C681\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lancom-systems:lcos_sx:4.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"411BA58A-33B6-44CA-B9D6-7F9042D46961\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lancom-systems:lcos_sx:5.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA17A153-30E4-4731-8706-8F74FCA50993\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lancom-systems:lanconfig:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB736F57-9BE3-4457-A10E-FA88D0932154\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vandyke:securecrt:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.4.3\",\"matchCriteriaId\":\"6EB8D02D-87F3-414D-A3EA-43F594DAAC1B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.10.6\",\"matchCriteriaId\":\"AAB481DA-FBFE-4CC2-9AE7-22025FA07494\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:net-ssh:net-ssh:7.2.0:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"3D6FD459-F8E8-4126-8097-D30B4639404A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ssh2_project:ssh2:*:*:*:*:*:node.js:*:*\",\"versionEndIncluding\":\"1.11.0\",\"matchCriteriaId\":\"69510F52-C699-4E7D-87EF-7000682888F0\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:proftpd:proftpd:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.3.8b\",\"matchCriteriaId\":\"9461430B-3709-45B6-8858-2101F5AE4481\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"12.4\",\"matchCriteriaId\":\"B9A01DF3-E20E-4F29-B5CF-DDF717D01E74\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:crates:thrussh:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.35.1\",\"matchCriteriaId\":\"D25EB73D-6145-4B7D-8F14-80FD0B458E99\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tera_term_project:tera_term:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.1\",\"matchCriteriaId\":\"77594DEC-B5F7-4911-A13D-FFE91C74BAFA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oryx-embedded:cyclone_ssh:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.3.4\",\"matchCriteriaId\":\"F8FF7E74-2351-4CD9-B717-FA28893293A1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.6.0\",\"matchCriteriaId\":\"82A93C12-FEB6-4E82-B283-0ED7820D807E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netsarang:xshell_7:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"build__0144\",\"matchCriteriaId\":\"B480AE79-2FA1-4281-9F0D-0DE812B9354D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:paramiko:paramiko:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.4.0\",\"matchCriteriaId\":\"826B6323-06F8-4B96-8771-3FA15A727B08\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"932D137F-528B-4526-9A89-CD59FA1AB0FE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCC81071-B46D-4F5D-AC25-B4A4CCC20C73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B3000D2-35DF-4A93-9FC0-1AD3AB8349B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E315FC5C-FF19-43C9-A58A-CF2A5FF13824\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:ceph_storage:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA7EAD12-E398-44AF-9859-F3CA6C63BA6B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_serverless:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77675CB7-67D7-44E9-B7FF-D224B3341AA5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_gitops:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0AAA300-691A-4957-8B69-F6888CC971B1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_pipelines:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45937289-2D64-47CB-A750-5B4F0D4664A0\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97321212-0E07-4CC2-A917-7B5F61AB9A5A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_data_foundation:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E2C021C-A9F0-4EB4-ADED-81D8B57B4563\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_api_for_data_protection:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BF8EFFB-5686-4F28-A68F-1A8854E098CE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_virtualization:4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C877879-B84B-471C-80CF-0656521CA8AB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:storage:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"379A5883-F6DF-41F5-9403-8D17F6605737\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:discovery:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5B1D946-5978-4818-BF21-A43D9C1365E1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_dev_spaces:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99B8A88B-0B31-4CFF-AFD7-C9D3DDD5790D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:cert-manager_operator_for_red_hat_openshift:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D5A7736-A403-4617-8790-18E46CB74DA6\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E0DE4E1-5D8D-40F3-8AC8-C7F736966158\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88BF3B2C-B121-483A-AEF2-8082F6DA5310\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:advanced_cluster_security:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0FD736A-8730-446A-BA3A-7B608DB62B0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:advanced_cluster_security:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4C504B6-3902-46E2-82B7-48AEC9CDD48D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:crypto:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.17.0\",\"matchCriteriaId\":\"F92E56DF-98DF-4328-B37E-4D5744E4103D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:russh_project:russh:*:*:*:*:*:rust:*:*\",\"versionEndExcluding\":\"0.40.2\",\"matchCriteriaId\":\"AC12508E-3C31-44EA-B4F3-29316BE9B189\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sftpgo_project:sftpgo:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.5.6\",\"matchCriteriaId\":\"1750028C-698D-4E84-B727-8A155A46ADEB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:erlang:erlang\\\\/otp:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"22.3.4.27\",\"matchCriteriaId\":\"B38C0997-A8CC-473C-98CF-641FD21EB411\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:erlang:erlang\\\\/otp:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"23.0\",\"versionEndExcluding\":\"23.3.4.20\",\"matchCriteriaId\":\"5887F3E2-9214-4FAE-8768-441D770E27C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:erlang:erlang\\\\/otp:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"24.0\",\"versionEndExcluding\":\"24.3.4.15\",\"matchCriteriaId\":\"8D7CB988-94C4-45BE-AD9D-9C16899A71DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:erlang:erlang\\\\/otp:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"25.0\",\"versionEndExcluding\":\"25.3.2.8\",\"matchCriteriaId\":\"EB749F4B-99FC-4AE8-BDB3-85B081B52F82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:erlang:erlang\\\\/otp:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"26.0\",\"versionEndExcluding\":\"26.2.1\",\"matchCriteriaId\":\"2380909A-BA9B-4A76-82F2-D2D0EF242E57\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matez:jsch:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.2.15\",\"matchCriteriaId\":\"61119DB3-4336-4D3B-863A-0CCF4146E5C1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.11.1\",\"matchCriteriaId\":\"7BFDD272-3DF0-4E3F-B69A-E7ABF4B18B24\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asyncssh_project:asyncssh:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.14.2\",\"matchCriteriaId\":\"FAE46983-0ABC-49F7-AC18-A78FAC7E73AA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2022.83\",\"matchCriteriaId\":\"06BF3368-F232-4E6B-883E-A591EED5C827\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jadaptive:maverick_synergy_java_ssh_api:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.1.0-snapshot\",\"matchCriteriaId\":\"36531FB6-5682-4BF1-9785-E9D6D1C4207B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ssh:ssh:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.9.1.5\",\"matchCriteriaId\":\"A86A51EA-B501-42F8-91E6-4EA97DED767C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ssh:ssh:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.10\",\"versionEndExcluding\":\"4.11.1.7\",\"matchCriteriaId\":\"70989970-E224-4D1C-941E-BBFB2AE7285C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ssh:ssh:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.12\",\"versionEndExcluding\":\"4.13.2.4\",\"matchCriteriaId\":\"E7819CE3-2849-4D15-874B-F6A68EF6D65F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ssh:ssh:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.14\",\"versionEndExcluding\":\"4.15.3.1\",\"matchCriteriaId\":\"F6A4DD8B-06AD-4F13-8F7E-1E2AAF81C119\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ssh:ssh:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0\",\"versionEndExcluding\":\"5.1.1\",\"matchCriteriaId\":\"D91ED5E1-1D75-4B63-B0A2-B2EB6D4AC685\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:thorntech:sftp_gateway_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.4.6\",\"matchCriteriaId\":\"83B1AF39-C0B9-4031-B19A-BDDD4F337273\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netgate:pfsense_plus:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"23.09.1\",\"matchCriteriaId\":\"2B71B0EF-888E-45E2-A055-F59CDCC1AFC7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netgate:pfsense_ce:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.7.2\",\"matchCriteriaId\":\"8F23CDF7-2881-4B4E-B84F-4E04F4ED8CCF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.6.0\",\"matchCriteriaId\":\"C1795F7A-203F-400E-B09C-0FAF16D01CFC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connectbot:sshlib:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.2.22\",\"matchCriteriaId\":\"0D79DDDD-02F0-4C12-BE7F-1B9DF1722C7A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:sshd:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.11.0\",\"matchCriteriaId\":\"E2D7B0CA-C01F-4296-9425-48299E3889C5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:sshj:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"0.37.0\",\"matchCriteriaId\":\"1C3EB0B8-9E76-4146-AB02-02E20B91D55C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tinyssh:tinyssh:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"20230101\",\"matchCriteriaId\":\"0582468A-149B-429F-978A-2AEDF4BE2606\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trilead:ssh2:6401:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E4BAF06-5A79-46D7-8C4F-E670BD6B7C2D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:9bis:kitty:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"0.76.1.13\",\"matchCriteriaId\":\"98321BF9-5E8F-4836-842C-47713B1C2775\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:security:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76BDAFDE-4515-42E6-820F-38AF4A786CF2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5920923E-0D52-44E5-801D-10B82846ED58\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0\",\"versionEndExcluding\":\"14.4\",\"matchCriteriaId\":\"73160D1F-755B-46D2-969F-DF8E43BB1099\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2024/Mar/21\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/12/18/3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/12/19/5\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/12/20/3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Mitigation\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/03/06/3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/04/17/8\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://access.redhat.com/security/cve/cve-2023-48795\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://bugs.gentoo.org/920280\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2254210\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=1217950\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://crates.io/crates/thrussh/versions\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://filezilla-project.org/versions.php\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://forum.netgate.com/topic/184941/terrapin-ssh-attack\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/NixOS/nixpkgs/pull/275249\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/PowerShell/Win32-OpenSSH/issues/2189\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/TeraTermProject/teraterm/releases/tag/v5.1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/advisories/GHSA-45x7-px36-x8w8\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/apache/mina-sshd/issues/445\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/cyd01/KiTTY/issues/520\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/drakkan/sftpgo/releases/tag/v2.5.6\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/erlang/otp/releases/tag/OTP-26.2.1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/hierynomus/sshj/issues/916\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/janmojzis/tinyssh/issues/81\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/libssh2/libssh2/pull/1291\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mitigation\"]},{\"url\":\"https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/mwiede/jsch/issues/457\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/mwiede/jsch/pull/461\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/openssh/openssh-portable/commits/master\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/paramiko/paramiko/issues/2337\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/proftpd/proftpd/issues/456\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/rapier1/hpn-ssh/releases\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/ronf/asyncssh/tags\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/ssh-mitm/ssh-mitm/issues/165\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/warp-tech/russh/releases/tag/v0.40.2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://gitlab.com/libssh/libssh-mirror/-/tags\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://help.panic.com/releasenotes/transmit5/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://matt.ucc.asn.au/dropbear/CHANGES\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://news.ycombinator.com/item?id=38684904\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://news.ycombinator.com/item?id=38685286\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://news.ycombinator.com/item?id=38732005\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://nova.app/releases/#v11.8\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://oryx-embedded.com/download/#changelog\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://roumenpetrov.info/secsh/#news20231220\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://security-tracker.debian.org/tracker/CVE-2023-48795\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security-tracker.debian.org/tracker/source-package/libssh2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security-tracker.debian.org/tracker/source-package/trilead-ssh2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://security.gentoo.org/glsa/202312-16\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202312-17\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240105-0004/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT214084\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://thorntech.com/cve-2023-48795-and-sftp-gateway/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://twitter.com/TrueSkrillor/status/1736774389725565005\",\"source\":\"cve@mitre.org\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://ubuntu.com/security/CVE-2023-48795\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://winscp.net/eng/docs/history#6.2.2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.bitvise.com/ssh-client-version-history#933\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.bitvise.com/ssh-server-version-history\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5586\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5588\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.netsarang.com/en/xshell-update-history/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.openssh.com/openbsd.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.openssh.com/txt/release-9.6\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2023/12/18/2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2023/12/20/3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Mitigation\"]},{\"url\":\"https://www.paramiko.org/changelog.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://www.terrapin-attack.com\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"https://www.theregister.com/2023/12/20/terrapin_attack_ssh\",\"source\":\"cve@mitre.org\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://www.vandyke.com/products/securecrt/history.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2024/Mar/21\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/12/18/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/12/19/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/12/20/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Mitigation\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/03/06/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/04/17/8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://access.redhat.com/security/cve/cve-2023-48795\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://bugs.gentoo.org/920280\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2254210\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=1217950\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://crates.io/crates/thrussh/versions\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://filezilla-project.org/versions.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://forum.netgate.com/topic/184941/terrapin-ssh-attack\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/NixOS/nixpkgs/pull/275249\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/PowerShell/Win32-OpenSSH/issues/2189\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/TeraTermProject/teraterm/releases/tag/v5.1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/advisories/GHSA-45x7-px36-x8w8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/apache/mina-sshd/issues/445\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/cyd01/KiTTY/issues/520\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/drakkan/sftpgo/releases/tag/v2.5.6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/erlang/otp/releases/tag/OTP-26.2.1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/hierynomus/sshj/issues/916\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/janmojzis/tinyssh/issues/81\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/libssh2/libssh2/pull/1291\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\"]},{\"url\":\"https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/mwiede/jsch/issues/457\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/mwiede/jsch/pull/461\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/openssh/openssh-portable/commits/master\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/paramiko/paramiko/issues/2337\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/proftpd/proftpd/issues/456\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/rapier1/hpn-ssh/releases\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/ronf/asyncssh/tags\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/ssh-mitm/ssh-mitm/issues/165\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/warp-tech/russh/releases/tag/v0.40.2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://gitlab.com/libssh/libssh-mirror/-/tags\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://help.panic.com/releasenotes/transmit5/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://matt.ucc.asn.au/dropbear/CHANGES\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://news.ycombinator.com/item?id=38684904\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://news.ycombinator.com/item?id=38685286\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://news.ycombinator.com/item?id=38732005\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://nova.app/releases/#v11.8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://oryx-embedded.com/download/#changelog\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://roumenpetrov.info/secsh/#news20231220\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://security-tracker.debian.org/tracker/CVE-2023-48795\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security-tracker.debian.org/tracker/source-package/libssh2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security-tracker.debian.org/tracker/source-package/trilead-ssh2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://security.gentoo.org/glsa/202312-16\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202312-17\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240105-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT214084\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://thorntech.com/cve-2023-48795-and-sftp-gateway/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://twitter.com/TrueSkrillor/status/1736774389725565005\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://ubuntu.com/security/CVE-2023-48795\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://winscp.net/eng/docs/history#6.2.2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.bitvise.com/ssh-client-version-history#933\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.bitvise.com/ssh-server-version-history\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5586\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5588\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.netsarang.com/en/xshell-update-history/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.openssh.com/openbsd.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.openssh.com/txt/release-9.6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2023/12/18/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2023/12/20/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Mitigation\"]},{\"url\":\"https://www.paramiko.org/changelog.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://www.terrapin-attack.com\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"https://www.theregister.com/2023/12/20/terrapin_attack_ssh\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://www.vandyke.com/products/securecrt/history.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-082556.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-364175.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-769027.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-794697.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-915275.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit\"}, {\"url\": \"https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability\"}, {\"url\": \"https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://matt.ucc.asn.au/dropbear/CHANGES\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.netsarang.com/en/xshell-update-history/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.paramiko.org/changelog.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.openssh.com/openbsd.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/openssh/openssh-portable/commits/master\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.bitvise.com/ssh-server-version-history\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/ronf/asyncssh/tags\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://gitlab.com/libssh/libssh-mirror/-/tags\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.openssh.com/txt/release-9.6\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.terrapin-attack.com\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://thorntech.com/cve-2023-48795-and-sftp-gateway/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/warp-tech/russh/releases/tag/v0.40.2\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.openwall.com/lists/oss-security/2023/12/18/2\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://twitter.com/TrueSkrillor/status/1736774389725565005\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/paramiko/paramiko/issues/2337\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://news.ycombinator.com/item?id=38684904\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://news.ycombinator.com/item?id=38685286\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/18/3\", \"name\": \"[oss-security] 20231218 CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://github.com/mwiede/jsch/issues/457\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/erlang/otp/releases/tag/OTP-26.2.1\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/advisories/GHSA-45x7-px36-x8w8\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security-tracker.debian.org/tracker/source-package/libssh2\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security-tracker.debian.org/tracker/CVE-2023-48795\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=1217950\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2254210\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://bugs.gentoo.org/920280\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://ubuntu.com/security/CVE-2023-48795\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://access.redhat.com/security/cve/cve-2023-48795\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/mwiede/jsch/pull/461\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/drakkan/sftpgo/releases/tag/v2.5.6\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/libssh2/libssh2/pull/1291\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://forum.netgate.com/topic/184941/terrapin-ssh-attack\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/rapier1/hpn-ssh/releases\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/proftpd/proftpd/issues/456\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/TeraTermProject/teraterm/releases/tag/v5.1\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://oryx-embedded.com/download/#changelog\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://crates.io/crates/thrussh/versions\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/NixOS/nixpkgs/pull/275249\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/19/5\", \"name\": \"[oss-security] 20231219 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/20/3\", \"name\": \"[oss-security] 20231220 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/apache/mina-sshd/issues/445\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/hierynomus/sshj/issues/916\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/janmojzis/tinyssh/issues/81\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.openwall.com/lists/oss-security/2023/12/20/3\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security-tracker.debian.org/tracker/source-package/trilead-ssh2\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/\", \"name\": \"FEDORA-2023-0733306be9\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5586\", \"name\": \"DSA-5586\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.theregister.com/2023/12/20/terrapin_attack_ssh\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://filezilla-project.org/versions.php\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://nova.app/releases/#v11.8\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://roumenpetrov.info/secsh/#news20231220\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.vandyke.com/products/securecrt/history.txt\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://help.panic.com/releasenotes/transmit5/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/PowerShell/Win32-OpenSSH/issues/2189\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://winscp.net/eng/docs/history#6.2.2\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.bitvise.com/ssh-client-version-history#933\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/cyd01/KiTTY/issues/520\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5588\", \"name\": \"DSA-5588\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://github.com/ssh-mitm/ssh-mitm/issues/165\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://news.ycombinator.com/item?id=38732005\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html\", \"name\": \"[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202312-16\", \"name\": \"GLSA-202312-16\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202312-17\", \"name\": \"GLSA-202312-17\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/\", \"name\": \"FEDORA-2023-20feb865d8\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/\", \"name\": \"FEDORA-2023-cb8c606fbb\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/\", \"name\": \"FEDORA-2023-e77300e4b5\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/\", \"name\": \"FEDORA-2023-b87ec6cf47\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/\", \"name\": \"FEDORA-2023-153404713b\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240105-0004/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/\", \"name\": \"FEDORA-2024-3bb23c77f3\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/\", \"name\": \"FEDORA-2023-55800423a8\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/\", \"name\": \"FEDORA-2024-d946b9ad25\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/\", \"name\": \"FEDORA-2024-71c2c6526c\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/\", \"name\": \"FEDORA-2024-39a8c72ea9\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/\", \"name\": \"FEDORA-2024-ae653fb07b\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/\", \"name\": \"FEDORA-2024-2705241461\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/\", \"name\": \"FEDORA-2024-fb32950d11\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/\", \"name\": \"FEDORA-2024-7b08207cdb\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/\", \"name\": \"FEDORA-2024-06ebb70bdd\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html\", \"name\": \"[debian-lts-announce] 20240125 [SECURITY] [DLA 3718-1] php-phpseclib security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html\", \"name\": \"[debian-lts-announce] 20240125 [SECURITY] [DLA 3719-1] phpseclib security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/\", \"name\": \"FEDORA-2024-a53b24023d\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/\", \"name\": \"FEDORA-2024-3fd1bc9276\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://support.apple.com/kb/HT214084\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Mar/21\", \"name\": \"20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html\", \"name\": \"[debian-lts-announce] 20240425 [SECURITY] [DLA 3794-1] putty security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/17/8\", \"name\": \"[oss-security] 20240417 Terrapin vulnerability in Jenkins CLI client\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/06/3\", \"name\": \"[oss-security] 20240306 Multiple vulnerabilities in Jenkins plugins\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T22:05:21.417Z\"}}, {\"affected\": [{\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM APE1808\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"x_adpType\": \"supplier\", \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-794697.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-364175.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-915275.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-769027.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-082556.html\"}], \"providerMetadata\": {\"orgId\": \"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\", \"shortName\": \"siemens-SADP\", \"dateUpdated\": \"2026-05-12T11:02:25.905Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-48795\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2023-12-22T05:01:05.519910Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-354\", \"description\": \"CWE-354 Improper Validation of Integrity Check Value\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-27T20:45:13.765Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html\"}, {\"url\": \"https://matt.ucc.asn.au/dropbear/CHANGES\"}, {\"url\": \"https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES\"}, {\"url\": \"https://www.netsarang.com/en/xshell-update-history/\"}, {\"url\": \"https://www.paramiko.org/changelog.html\"}, {\"url\": \"https://www.openssh.com/openbsd.html\"}, {\"url\": \"https://github.com/openssh/openssh-portable/commits/master\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ\"}, {\"url\": \"https://www.bitvise.com/ssh-server-version-history\"}, {\"url\": \"https://github.com/ronf/asyncssh/tags\"}, {\"url\": \"https://gitlab.com/libssh/libssh-mirror/-/tags\"}, {\"url\": \"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/\"}, {\"url\": \"https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42\"}, {\"url\": \"https://www.openssh.com/txt/release-9.6\"}, {\"url\": \"https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/\"}, {\"url\": \"https://www.terrapin-attack.com\"}, {\"url\": \"https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25\"}, {\"url\": \"https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst\"}, {\"url\": \"https://thorntech.com/cve-2023-48795-and-sftp-gateway/\"}, {\"url\": \"https://github.com/warp-tech/russh/releases/tag/v0.40.2\"}, {\"url\": \"https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0\"}, {\"url\": \"https://www.openwall.com/lists/oss-security/2023/12/18/2\"}, {\"url\": \"https://twitter.com/TrueSkrillor/status/1736774389725565005\"}, {\"url\": \"https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d\"}, {\"url\": \"https://github.com/paramiko/paramiko/issues/2337\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg\"}, {\"url\": \"https://news.ycombinator.com/item?id=38684904\"}, {\"url\": \"https://news.ycombinator.com/item?id=38685286\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/18/3\", \"name\": \"[oss-security] 20231218 CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://github.com/mwiede/jsch/issues/457\"}, {\"url\": \"https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6\"}, {\"url\": \"https://github.com/erlang/otp/releases/tag/OTP-26.2.1\"}, {\"url\": \"https://github.com/advisories/GHSA-45x7-px36-x8w8\"}, {\"url\": \"https://security-tracker.debian.org/tracker/source-package/libssh2\"}, {\"url\": \"https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg\"}, {\"url\": \"https://security-tracker.debian.org/tracker/CVE-2023-48795\"}, {\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=1217950\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2254210\"}, {\"url\": \"https://bugs.gentoo.org/920280\"}, {\"url\": \"https://ubuntu.com/security/CVE-2023-48795\"}, {\"url\": \"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/\"}, {\"url\": \"https://access.redhat.com/security/cve/cve-2023-48795\"}, {\"url\": \"https://github.com/mwiede/jsch/pull/461\"}, {\"url\": \"https://github.com/drakkan/sftpgo/releases/tag/v2.5.6\"}, {\"url\": \"https://github.com/libssh2/libssh2/pull/1291\"}, {\"url\": \"https://forum.netgate.com/topic/184941/terrapin-ssh-attack\"}, {\"url\": \"https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5\"}, {\"url\": \"https://github.com/rapier1/hpn-ssh/releases\"}, {\"url\": \"https://github.com/proftpd/proftpd/issues/456\"}, {\"url\": \"https://github.com/TeraTermProject/teraterm/releases/tag/v5.1\"}, {\"url\": \"https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15\"}, {\"url\": \"https://oryx-embedded.com/download/#changelog\"}, {\"url\": \"https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update\"}, {\"url\": \"https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22\"}, {\"url\": \"https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab\"}, {\"url\": \"https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3\"}, {\"url\": \"https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC\"}, {\"url\": \"https://crates.io/crates/thrussh/versions\"}, {\"url\": \"https://github.com/NixOS/nixpkgs/pull/275249\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/19/5\", \"name\": \"[oss-security] 20231219 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc\"}, {\"url\": \"https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/20/3\", \"name\": \"[oss-security] 20231220 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html\"}, {\"url\": \"https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES\"}, {\"url\": \"https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES\"}, {\"url\": \"https://github.com/apache/mina-sshd/issues/445\"}, {\"url\": \"https://github.com/hierynomus/sshj/issues/916\"}, {\"url\": \"https://github.com/janmojzis/tinyssh/issues/81\"}, {\"url\": \"https://www.openwall.com/lists/oss-security/2023/12/20/3\"}, {\"url\": \"https://security-tracker.debian.org/tracker/source-package/trilead-ssh2\"}, {\"url\": \"https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/\", \"name\": \"FEDORA-2023-0733306be9\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5586\", \"name\": \"DSA-5586\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508\"}, {\"url\": \"https://www.theregister.com/2023/12/20/terrapin_attack_ssh\"}, {\"url\": \"https://filezilla-project.org/versions.php\"}, {\"url\": \"https://nova.app/releases/#v11.8\"}, {\"url\": \"https://roumenpetrov.info/secsh/#news20231220\"}, {\"url\": \"https://www.vandyke.com/products/securecrt/history.txt\"}, {\"url\": \"https://help.panic.com/releasenotes/transmit5/\"}, {\"url\": \"https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta\"}, {\"url\": \"https://github.com/PowerShell/Win32-OpenSSH/issues/2189\"}, {\"url\": \"https://winscp.net/eng/docs/history#6.2.2\"}, {\"url\": \"https://www.bitvise.com/ssh-client-version-history#933\"}, {\"url\": \"https://github.com/cyd01/KiTTY/issues/520\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5588\", \"name\": \"DSA-5588\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://github.com/ssh-mitm/ssh-mitm/issues/165\"}, {\"url\": \"https://news.ycombinator.com/item?id=38732005\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html\", \"name\": \"[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://security.gentoo.org/glsa/202312-16\", \"name\": \"GLSA-202312-16\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202312-17\", \"name\": \"GLSA-202312-17\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/\", \"name\": \"FEDORA-2023-20feb865d8\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/\", \"name\": \"FEDORA-2023-cb8c606fbb\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/\", \"name\": \"FEDORA-2023-e77300e4b5\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/\", \"name\": \"FEDORA-2023-b87ec6cf47\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/\", \"name\": \"FEDORA-2023-153404713b\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240105-0004/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/\", \"name\": \"FEDORA-2024-3bb23c77f3\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/\", \"name\": \"FEDORA-2023-55800423a8\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/\", \"name\": \"FEDORA-2024-d946b9ad25\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/\", \"name\": \"FEDORA-2024-71c2c6526c\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/\", \"name\": \"FEDORA-2024-39a8c72ea9\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/\", \"name\": \"FEDORA-2024-ae653fb07b\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/\", \"name\": \"FEDORA-2024-2705241461\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/\", \"name\": \"FEDORA-2024-fb32950d11\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/\", \"name\": \"FEDORA-2024-7b08207cdb\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/\", \"name\": \"FEDORA-2024-06ebb70bdd\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html\", \"name\": \"[debian-lts-announce] 20240125 [SECURITY] [DLA 3718-1] php-phpseclib security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html\", \"name\": \"[debian-lts-announce] 20240125 [SECURITY] [DLA 3719-1] phpseclib security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/\", \"name\": \"FEDORA-2024-a53b24023d\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/\", \"name\": \"FEDORA-2024-3fd1bc9276\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT214084\"}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Mar/21\", \"name\": \"20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html\", \"name\": \"[debian-lts-announce] 20240425 [SECURITY] [DLA 3794-1] putty security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/17/8\", \"name\": \"[oss-security] 20240417 Terrapin vulnerability in Jenkins CLI client\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/06/3\", \"name\": \"[oss-security] 20240306 Multiple vulnerabilities in Jenkins plugins\", \"tags\": [\"mailing-list\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2024-05-01T18:06:23.972Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-48795\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-12T11:02:25.905Z\", \"dateReserved\": \"2023-11-20T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2023-12-18T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
SUSE-SU-2024:0558-1
Vulnerability from csaf_suse - Published: 2024-02-20 16:34 - Updated: 2024-02-20 16:34Summary
Security update for libssh2_org
Severity
Important
Notes
Title of the patch: Security update for libssh2_org
Description of the patch: This update for libssh2_org fixes the following issues:
- Always add the KEX pseudo-methods 'ext-info-c' and 'kex-strict-c-v00@openssh.com'
when configuring custom method list. [bsc#1218971, CVE-2023-48795]
* The strict-kex extension is announced in the list of available
KEX methods. However, when the default KEX method list is modified
or replaced, the extension is not added back automatically.
Patchnames: SUSE-2024-558,SUSE-SLE-Micro-5.3-2024-558,SUSE-SLE-Micro-5.4-2024-558,SUSE-SLE-Micro-5.5-2024-558,SUSE-SLE-Module-Basesystem-15-SP5-2024-558,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-558,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-558,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-558,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-558,SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-558,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-558,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-558,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-558,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-558,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-558,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-558,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-558,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-558,SUSE-SUSE-MicroOS-5.1-2024-558,SUSE-SUSE-MicroOS-5.2-2024-558,SUSE-Storage-7.1-2024-558,openSUSE-Leap-Micro-5.3-2024-558,openSUSE-Leap-Micro-5.4-2024-558,openSUSE-SLE-15.5-2024-558
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.9 (Medium)
Affected products
Recommended
104 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:libssh2-1-1.11.0-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:libssh2-1-1.11.0-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:libssh2-devel-1.11.0-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:libssh2-devel-1.11.0-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libssh2-1-1.11.0-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libssh2-1-1.11.0-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libssh2-1-32bit-1.11.0-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libssh2-devel-1.11.0-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libssh2-devel-1.11.0-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh2-1-1.11.0-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh2-1-1.11.0-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh2-devel-1.11.0-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh2-devel-1.11.0-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh2-1-1.11.0-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh2-1-1.11.0-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh2-devel-1.11.0-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh2-devel-1.11.0-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh2-1-1.11.0-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh2-1-1.11.0-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh2-devel-1.11.0-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh2-devel-1.11.0-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libssh2-1-1.11.0-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libssh2-1-1.11.0-150000.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libssh2-1-1.11.0-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libssh2-1-1.11.0-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libssh2-1-1.11.0-150000.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libssh2-1-1.11.0-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:libssh2-1-1.11.0-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:libssh2-1-1.11.0-150000.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:libssh2-1-1.11.0-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:libssh2-1-1.11.0-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:libssh2-1-1.11.0-150000.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:libssh2-1-1.11.0-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:libssh2-1-1.11.0-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:libssh2-1-1.11.0-150000.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:libssh2-1-1.11.0-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:libssh2-1-1.11.0-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:libssh2-1-1.11.0-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:libssh2-1-1.11.0-150000.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:libssh2-1-1.11.0-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:libssh2-devel-1.11.0-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:libssh2-devel-1.11.0-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:libssh2-devel-1.11.0-150000.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:libssh2-devel-1.11.0-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-1-1.11.0-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-1-1.11.0-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-1-1.11.0-150000.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-1-1.11.0-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-1-32bit-1.11.0-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-devel-1.11.0-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-devel-1.11.0-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-devel-1.11.0-150000.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-devel-1.11.0-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:libssh2-1-1.11.0-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:libssh2-1-1.11.0-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:libssh2-1-1.11.0-150000.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:libssh2-1-1.11.0-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:libssh2-devel-1.11.0-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:libssh2-devel-1.11.0-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:libssh2-devel-1.11.0-150000.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:libssh2-devel-1.11.0-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libssh2-1-1.11.0-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libssh2-1-1.11.0-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libssh2-1-1.11.0-150000.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libssh2-1-1.11.0-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libssh2-devel-1.11.0-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libssh2-devel-1.11.0-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libssh2-devel-1.11.0-150000.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:libssh2-devel-1.11.0-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:libssh2-1-1.11.0-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:libssh2-1-1.11.0-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:libssh2-1-32bit-1.11.0-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:libssh2-devel-1.11.0-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:libssh2-devel-1.11.0-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh2-1-1.11.0-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh2-1-1.11.0-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh2-devel-1.11.0-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh2-devel-1.11.0-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh2-1-1.11.0-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh2-1-1.11.0-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh2-devel-1.11.0-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh2-devel-1.11.0-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.3:libssh2-1-1.11.0-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.3:libssh2-devel-1.11.0-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:libssh2-1-1.11.0-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:libssh2-1-1.11.0-150000.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:libssh2-1-1.11.0-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:libssh2-devel-1.11.0-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:libssh2-devel-1.11.0-150000.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:libssh2-devel-1.11.0-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:libssh2-1-1.11.0-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:libssh2-1-1.11.0-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:libssh2-1-1.11.0-150000.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:libssh2-1-1.11.0-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:libssh2-1-32bit-1.11.0-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:libssh2-devel-1.11.0-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:libssh2-devel-1.11.0-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:libssh2-devel-1.11.0-150000.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:libssh2-devel-1.11.0-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.3:libssh2-1-1.11.0-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.3:libssh2-1-1.11.0-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.4:libssh2-1-1.11.0-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.4:libssh2-1-1.11.0-150000.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.4:libssh2-1-1.11.0-150000.4.25.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libssh2_org",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libssh2_org fixes the following issues:\n\n- Always add the KEX pseudo-methods \u0027ext-info-c\u0027 and \u0027kex-strict-c-v00@openssh.com\u0027\n when configuring custom method list. [bsc#1218971, CVE-2023-48795]\n\n * The strict-kex extension is announced in the list of available\n KEX methods. However, when the default KEX method list is modified\n or replaced, the extension is not added back automatically.\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-558,SUSE-SLE-Micro-5.3-2024-558,SUSE-SLE-Micro-5.4-2024-558,SUSE-SLE-Micro-5.5-2024-558,SUSE-SLE-Module-Basesystem-15-SP5-2024-558,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-558,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-558,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-558,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-558,SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-558,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-558,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-558,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-558,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-558,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-558,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-558,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-558,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-558,SUSE-SUSE-MicroOS-5.1-2024-558,SUSE-SUSE-MicroOS-5.2-2024-558,SUSE-Storage-7.1-2024-558,openSUSE-Leap-Micro-5.3-2024-558,openSUSE-Leap-Micro-5.4-2024-558,openSUSE-SLE-15.5-2024-558",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_0558-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:0558-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20240558-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:0558-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017960.html"
},
{
"category": "self",
"summary": "SUSE Bug 1218971",
"url": "https://bugzilla.suse.com/1218971"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-48795 page",
"url": "https://www.suse.com/security/cve/CVE-2023-48795/"
}
],
"title": "Security update for libssh2_org",
"tracking": {
"current_release_date": "2024-02-20T16:34:49Z",
"generator": {
"date": "2024-02-20T16:34:49Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:0558-1",
"initial_release_date": "2024-02-20T16:34:49Z",
"revision_history": [
{
"date": "2024-02-20T16:34:49Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libssh2-1-1.11.0-150000.4.25.1.aarch64",
"product": {
"name": "libssh2-1-1.11.0-150000.4.25.1.aarch64",
"product_id": "libssh2-1-1.11.0-150000.4.25.1.aarch64"
}
},
{
"category": "product_version",
"name": "libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"product": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"product_id": "libssh2-devel-1.11.0-150000.4.25.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh2-1-64bit-1.11.0-150000.4.25.1.aarch64_ilp32",
"product": {
"name": "libssh2-1-64bit-1.11.0-150000.4.25.1.aarch64_ilp32",
"product_id": "libssh2-1-64bit-1.11.0-150000.4.25.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh2-1-1.11.0-150000.4.25.1.i586",
"product": {
"name": "libssh2-1-1.11.0-150000.4.25.1.i586",
"product_id": "libssh2-1-1.11.0-150000.4.25.1.i586"
}
},
{
"category": "product_version",
"name": "libssh2-devel-1.11.0-150000.4.25.1.i586",
"product": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.i586",
"product_id": "libssh2-devel-1.11.0-150000.4.25.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh2-1-1.11.0-150000.4.25.1.ppc64le",
"product": {
"name": "libssh2-1-1.11.0-150000.4.25.1.ppc64le",
"product_id": "libssh2-1-1.11.0-150000.4.25.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libssh2-devel-1.11.0-150000.4.25.1.ppc64le",
"product": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.ppc64le",
"product_id": "libssh2-devel-1.11.0-150000.4.25.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh2-1-1.11.0-150000.4.25.1.s390x",
"product": {
"name": "libssh2-1-1.11.0-150000.4.25.1.s390x",
"product_id": "libssh2-1-1.11.0-150000.4.25.1.s390x"
}
},
{
"category": "product_version",
"name": "libssh2-devel-1.11.0-150000.4.25.1.s390x",
"product": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.s390x",
"product_id": "libssh2-devel-1.11.0-150000.4.25.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh2-1-1.11.0-150000.4.25.1.x86_64",
"product": {
"name": "libssh2-1-1.11.0-150000.4.25.1.x86_64",
"product_id": "libssh2-1-1.11.0-150000.4.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "libssh2-1-32bit-1.11.0-150000.4.25.1.x86_64",
"product": {
"name": "libssh2-1-32bit-1.11.0-150000.4.25.1.x86_64",
"product_id": "libssh2-1-32bit-1.11.0-150000.4.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"product": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"product_id": "libssh2-devel-1.11.0-150000.4.25.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.3",
"product": {
"name": "SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.3",
"product": {
"name": "SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap Micro 5.3",
"product": {
"name": "openSUSE Leap Micro 5.3",
"product_id": "openSUSE Leap Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap Micro 5.4",
"product": {
"name": "openSUSE Leap Micro 5.4",
"product_id": "openSUSE Leap Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap-micro:5.4"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libssh2-1-1.11.0-150000.4.25.1.aarch64"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.s390x as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libssh2-1-1.11.0-150000.4.25.1.s390x"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libssh2-1-1.11.0-150000.4.25.1.x86_64"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.aarch64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libssh2-1-1.11.0-150000.4.25.1.aarch64"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.s390x as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libssh2-1-1.11.0-150000.4.25.1.s390x"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libssh2-1-1.11.0-150000.4.25.1.x86_64"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libssh2-1-1.11.0-150000.4.25.1.aarch64"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.s390x as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libssh2-1-1.11.0-150000.4.25.1.s390x"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libssh2-1-1.11.0-150000.4.25.1.x86_64"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:libssh2-1-1.11.0-150000.4.25.1.aarch64"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:libssh2-1-1.11.0-150000.4.25.1.ppc64le"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:libssh2-1-1.11.0-150000.4.25.1.s390x"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:libssh2-1-1.11.0-150000.4.25.1.x86_64"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:libssh2-devel-1.11.0-150000.4.25.1.aarch64"
},
"product_reference": "libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:libssh2-devel-1.11.0-150000.4.25.1.ppc64le"
},
"product_reference": "libssh2-devel-1.11.0-150000.4.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:libssh2-devel-1.11.0-150000.4.25.1.s390x"
},
"product_reference": "libssh2-devel-1.11.0-150000.4.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:libssh2-devel-1.11.0-150000.4.25.1.x86_64"
},
"product_reference": "libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libssh2-1-1.11.0-150000.4.25.1.aarch64"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libssh2-1-1.11.0-150000.4.25.1.x86_64"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-32bit-1.11.0-150000.4.25.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libssh2-1-32bit-1.11.0-150000.4.25.1.x86_64"
},
"product_reference": "libssh2-1-32bit-1.11.0-150000.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libssh2-devel-1.11.0-150000.4.25.1.aarch64"
},
"product_reference": "libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libssh2-devel-1.11.0-150000.4.25.1.x86_64"
},
"product_reference": "libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh2-1-1.11.0-150000.4.25.1.aarch64"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh2-1-1.11.0-150000.4.25.1.x86_64"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh2-devel-1.11.0-150000.4.25.1.aarch64"
},
"product_reference": "libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh2-devel-1.11.0-150000.4.25.1.x86_64"
},
"product_reference": "libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh2-1-1.11.0-150000.4.25.1.aarch64"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh2-1-1.11.0-150000.4.25.1.x86_64"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh2-devel-1.11.0-150000.4.25.1.aarch64"
},
"product_reference": "libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh2-devel-1.11.0-150000.4.25.1.x86_64"
},
"product_reference": "libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh2-1-1.11.0-150000.4.25.1.aarch64"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh2-1-1.11.0-150000.4.25.1.x86_64"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh2-devel-1.11.0-150000.4.25.1.aarch64"
},
"product_reference": "libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh2-devel-1.11.0-150000.4.25.1.x86_64"
},
"product_reference": "libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-1-1.11.0-150000.4.25.1.aarch64"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-1-1.11.0-150000.4.25.1.ppc64le"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-1-1.11.0-150000.4.25.1.s390x"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-1-1.11.0-150000.4.25.1.x86_64"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-32bit-1.11.0-150000.4.25.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-1-32bit-1.11.0-150000.4.25.1.x86_64"
},
"product_reference": "libssh2-1-32bit-1.11.0-150000.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-devel-1.11.0-150000.4.25.1.aarch64"
},
"product_reference": "libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-devel-1.11.0-150000.4.25.1.ppc64le"
},
"product_reference": "libssh2-devel-1.11.0-150000.4.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-devel-1.11.0-150000.4.25.1.s390x"
},
"product_reference": "libssh2-devel-1.11.0-150000.4.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-devel-1.11.0-150000.4.25.1.x86_64"
},
"product_reference": "libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libssh2-1-1.11.0-150000.4.25.1.aarch64"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libssh2-1-1.11.0-150000.4.25.1.ppc64le"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libssh2-1-1.11.0-150000.4.25.1.s390x"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libssh2-1-1.11.0-150000.4.25.1.x86_64"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libssh2-devel-1.11.0-150000.4.25.1.aarch64"
},
"product_reference": "libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libssh2-devel-1.11.0-150000.4.25.1.ppc64le"
},
"product_reference": "libssh2-devel-1.11.0-150000.4.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libssh2-devel-1.11.0-150000.4.25.1.s390x"
},
"product_reference": "libssh2-devel-1.11.0-150000.4.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libssh2-devel-1.11.0-150000.4.25.1.x86_64"
},
"product_reference": "libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libssh2-1-1.11.0-150000.4.25.1.aarch64"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libssh2-1-1.11.0-150000.4.25.1.ppc64le"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libssh2-1-1.11.0-150000.4.25.1.s390x"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libssh2-1-1.11.0-150000.4.25.1.x86_64"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libssh2-devel-1.11.0-150000.4.25.1.aarch64"
},
"product_reference": "libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libssh2-devel-1.11.0-150000.4.25.1.ppc64le"
},
"product_reference": "libssh2-devel-1.11.0-150000.4.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libssh2-devel-1.11.0-150000.4.25.1.s390x"
},
"product_reference": "libssh2-devel-1.11.0-150000.4.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libssh2-devel-1.11.0-150000.4.25.1.x86_64"
},
"product_reference": "libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:libssh2-1-1.11.0-150000.4.25.1.ppc64le"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:libssh2-1-1.11.0-150000.4.25.1.x86_64"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-32bit-1.11.0-150000.4.25.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:libssh2-1-32bit-1.11.0-150000.4.25.1.x86_64"
},
"product_reference": "libssh2-1-32bit-1.11.0-150000.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:libssh2-devel-1.11.0-150000.4.25.1.ppc64le"
},
"product_reference": "libssh2-devel-1.11.0-150000.4.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:libssh2-devel-1.11.0-150000.4.25.1.x86_64"
},
"product_reference": "libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh2-1-1.11.0-150000.4.25.1.ppc64le"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh2-1-1.11.0-150000.4.25.1.x86_64"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh2-devel-1.11.0-150000.4.25.1.ppc64le"
},
"product_reference": "libssh2-devel-1.11.0-150000.4.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh2-devel-1.11.0-150000.4.25.1.x86_64"
},
"product_reference": "libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh2-1-1.11.0-150000.4.25.1.ppc64le"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh2-1-1.11.0-150000.4.25.1.x86_64"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh2-devel-1.11.0-150000.4.25.1.ppc64le"
},
"product_reference": "libssh2-devel-1.11.0-150000.4.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh2-devel-1.11.0-150000.4.25.1.x86_64"
},
"product_reference": "libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.x86_64 as component of SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3:libssh2-1-1.11.0-150000.4.25.1.x86_64"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.x86_64 as component of SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3:libssh2-devel-1.11.0-150000.4.25.1.x86_64"
},
"product_reference": "libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.ppc64le as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:libssh2-1-1.11.0-150000.4.25.1.ppc64le"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.s390x as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:libssh2-1-1.11.0-150000.4.25.1.s390x"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.x86_64 as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:libssh2-1-1.11.0-150000.4.25.1.x86_64"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.ppc64le as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:libssh2-devel-1.11.0-150000.4.25.1.ppc64le"
},
"product_reference": "libssh2-devel-1.11.0-150000.4.25.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.s390x as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:libssh2-devel-1.11.0-150000.4.25.1.s390x"
},
"product_reference": "libssh2-devel-1.11.0-150000.4.25.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.x86_64 as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:libssh2-devel-1.11.0-150000.4.25.1.x86_64"
},
"product_reference": "libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libssh2-1-1.11.0-150000.4.25.1.aarch64"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.s390x as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libssh2-1-1.11.0-150000.4.25.1.s390x"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libssh2-1-1.11.0-150000.4.25.1.x86_64"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libssh2-1-1.11.0-150000.4.25.1.aarch64"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.s390x as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libssh2-1-1.11.0-150000.4.25.1.s390x"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libssh2-1-1.11.0-150000.4.25.1.x86_64"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:libssh2-1-1.11.0-150000.4.25.1.aarch64"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:libssh2-1-1.11.0-150000.4.25.1.x86_64"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:libssh2-devel-1.11.0-150000.4.25.1.aarch64"
},
"product_reference": "libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:libssh2-devel-1.11.0-150000.4.25.1.x86_64"
},
"product_reference": "libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.aarch64 as component of openSUSE Leap Micro 5.3",
"product_id": "openSUSE Leap Micro 5.3:libssh2-1-1.11.0-150000.4.25.1.aarch64"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.aarch64",
"relates_to_product_reference": "openSUSE Leap Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.x86_64 as component of openSUSE Leap Micro 5.3",
"product_id": "openSUSE Leap Micro 5.3:libssh2-1-1.11.0-150000.4.25.1.x86_64"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.x86_64",
"relates_to_product_reference": "openSUSE Leap Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.aarch64 as component of openSUSE Leap Micro 5.4",
"product_id": "openSUSE Leap Micro 5.4:libssh2-1-1.11.0-150000.4.25.1.aarch64"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.aarch64",
"relates_to_product_reference": "openSUSE Leap Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.s390x as component of openSUSE Leap Micro 5.4",
"product_id": "openSUSE Leap Micro 5.4:libssh2-1-1.11.0-150000.4.25.1.s390x"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.s390x",
"relates_to_product_reference": "openSUSE Leap Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.x86_64 as component of openSUSE Leap Micro 5.4",
"product_id": "openSUSE Leap Micro 5.4:libssh2-1-1.11.0-150000.4.25.1.x86_64"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.x86_64",
"relates_to_product_reference": "openSUSE Leap Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libssh2-1-1.11.0-150000.4.25.1.aarch64"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libssh2-1-1.11.0-150000.4.25.1.ppc64le"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libssh2-1-1.11.0-150000.4.25.1.s390x"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.0-150000.4.25.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libssh2-1-1.11.0-150000.4.25.1.x86_64"
},
"product_reference": "libssh2-1-1.11.0-150000.4.25.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-32bit-1.11.0-150000.4.25.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libssh2-1-32bit-1.11.0-150000.4.25.1.x86_64"
},
"product_reference": "libssh2-1-32bit-1.11.0-150000.4.25.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libssh2-devel-1.11.0-150000.4.25.1.aarch64"
},
"product_reference": "libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libssh2-devel-1.11.0-150000.4.25.1.ppc64le"
},
"product_reference": "libssh2-devel-1.11.0-150000.4.25.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libssh2-devel-1.11.0-150000.4.25.1.s390x"
},
"product_reference": "libssh2-devel-1.11.0-150000.4.25.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.11.0-150000.4.25.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libssh2-devel-1.11.0-150000.4.25.1.x86_64"
},
"product_reference": "libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-48795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-48795"
}
],
"notes": [
{
"category": "general",
"text": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Enterprise Storage 7.1:libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libssh2-1-32bit-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libssh2-1-1.11.0-150000.4.25.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libssh2-1-1.11.0-150000.4.25.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libssh2-1-1.11.0-150000.4.25.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libssh2-1-1.11.0-150000.4.25.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libssh2-1-1.11.0-150000.4.25.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:libssh2-1-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:libssh2-1-1.11.0-150000.4.25.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:libssh2-devel-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:libssh2-devel-1.11.0-150000.4.25.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-1-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-1-1.11.0-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-1-32bit-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-devel-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-devel-1.11.0-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh2-1-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh2-1-1.11.0-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh2-devel-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh2-devel-1.11.0-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh2-1-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh2-1-1.11.0-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh2-devel-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh2-devel-1.11.0-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:libssh2-1-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:libssh2-1-32bit-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:libssh2-devel-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh2-1-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh2-devel-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh2-1-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh2-devel-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"SUSE Manager Proxy 4.3:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Manager Proxy 4.3:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"SUSE Manager Server 4.3:libssh2-1-1.11.0-150000.4.25.1.ppc64le",
"SUSE Manager Server 4.3:libssh2-1-1.11.0-150000.4.25.1.s390x",
"SUSE Manager Server 4.3:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Manager Server 4.3:libssh2-devel-1.11.0-150000.4.25.1.ppc64le",
"SUSE Manager Server 4.3:libssh2-devel-1.11.0-150000.4.25.1.s390x",
"SUSE Manager Server 4.3:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"openSUSE Leap 15.5:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"openSUSE Leap 15.5:libssh2-1-1.11.0-150000.4.25.1.ppc64le",
"openSUSE Leap 15.5:libssh2-1-1.11.0-150000.4.25.1.s390x",
"openSUSE Leap 15.5:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"openSUSE Leap 15.5:libssh2-1-32bit-1.11.0-150000.4.25.1.x86_64",
"openSUSE Leap 15.5:libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"openSUSE Leap 15.5:libssh2-devel-1.11.0-150000.4.25.1.ppc64le",
"openSUSE Leap 15.5:libssh2-devel-1.11.0-150000.4.25.1.s390x",
"openSUSE Leap 15.5:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"openSUSE Leap Micro 5.3:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"openSUSE Leap Micro 5.3:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"openSUSE Leap Micro 5.4:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"openSUSE Leap Micro 5.4:libssh2-1-1.11.0-150000.4.25.1.s390x",
"openSUSE Leap Micro 5.4:libssh2-1-1.11.0-150000.4.25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-48795",
"url": "https://www.suse.com/security/cve/CVE-2023-48795"
},
{
"category": "external",
"summary": "SUSE Bug 1217950 for CVE-2023-48795",
"url": "https://bugzilla.suse.com/1217950"
},
{
"category": "external",
"summary": "SUSE Bug 1218708 for CVE-2023-48795",
"url": "https://bugzilla.suse.com/1218708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Enterprise Storage 7.1:libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libssh2-1-32bit-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libssh2-1-1.11.0-150000.4.25.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libssh2-1-1.11.0-150000.4.25.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libssh2-1-1.11.0-150000.4.25.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libssh2-1-1.11.0-150000.4.25.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libssh2-1-1.11.0-150000.4.25.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:libssh2-1-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:libssh2-1-1.11.0-150000.4.25.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:libssh2-devel-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:libssh2-devel-1.11.0-150000.4.25.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-1-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-1-1.11.0-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-1-32bit-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-devel-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-devel-1.11.0-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh2-1-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh2-1-1.11.0-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh2-devel-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh2-devel-1.11.0-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh2-1-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh2-1-1.11.0-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh2-devel-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh2-devel-1.11.0-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:libssh2-1-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:libssh2-1-32bit-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:libssh2-devel-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh2-1-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh2-devel-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh2-1-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh2-devel-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"SUSE Manager Proxy 4.3:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Manager Proxy 4.3:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"SUSE Manager Server 4.3:libssh2-1-1.11.0-150000.4.25.1.ppc64le",
"SUSE Manager Server 4.3:libssh2-1-1.11.0-150000.4.25.1.s390x",
"SUSE Manager Server 4.3:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Manager Server 4.3:libssh2-devel-1.11.0-150000.4.25.1.ppc64le",
"SUSE Manager Server 4.3:libssh2-devel-1.11.0-150000.4.25.1.s390x",
"SUSE Manager Server 4.3:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"openSUSE Leap 15.5:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"openSUSE Leap 15.5:libssh2-1-1.11.0-150000.4.25.1.ppc64le",
"openSUSE Leap 15.5:libssh2-1-1.11.0-150000.4.25.1.s390x",
"openSUSE Leap 15.5:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"openSUSE Leap 15.5:libssh2-1-32bit-1.11.0-150000.4.25.1.x86_64",
"openSUSE Leap 15.5:libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"openSUSE Leap 15.5:libssh2-devel-1.11.0-150000.4.25.1.ppc64le",
"openSUSE Leap 15.5:libssh2-devel-1.11.0-150000.4.25.1.s390x",
"openSUSE Leap 15.5:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"openSUSE Leap Micro 5.3:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"openSUSE Leap Micro 5.3:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"openSUSE Leap Micro 5.4:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"openSUSE Leap Micro 5.4:libssh2-1-1.11.0-150000.4.25.1.s390x",
"openSUSE Leap Micro 5.4:libssh2-1-1.11.0-150000.4.25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Enterprise Storage 7.1:libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"SUSE Enterprise Storage 7.1:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libssh2-1-32bit-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libssh2-1-1.11.0-150000.4.25.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libssh2-1-1.11.0-150000.4.25.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libssh2-1-1.11.0-150000.4.25.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libssh2-1-1.11.0-150000.4.25.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libssh2-1-1.11.0-150000.4.25.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:libssh2-1-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:libssh2-1-1.11.0-150000.4.25.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:libssh2-devel-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:libssh2-devel-1.11.0-150000.4.25.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-1-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-1-1.11.0-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-1-32bit-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-devel-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-devel-1.11.0-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh2-1-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh2-1-1.11.0-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh2-devel-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh2-devel-1.11.0-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh2-1-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh2-1-1.11.0-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh2-devel-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh2-devel-1.11.0-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:libssh2-1-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:libssh2-1-32bit-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:libssh2-devel-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh2-1-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh2-devel-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh2-1-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh2-devel-1.11.0-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"SUSE Manager Proxy 4.3:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Manager Proxy 4.3:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"SUSE Manager Server 4.3:libssh2-1-1.11.0-150000.4.25.1.ppc64le",
"SUSE Manager Server 4.3:libssh2-1-1.11.0-150000.4.25.1.s390x",
"SUSE Manager Server 4.3:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"SUSE Manager Server 4.3:libssh2-devel-1.11.0-150000.4.25.1.ppc64le",
"SUSE Manager Server 4.3:libssh2-devel-1.11.0-150000.4.25.1.s390x",
"SUSE Manager Server 4.3:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"openSUSE Leap 15.5:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"openSUSE Leap 15.5:libssh2-1-1.11.0-150000.4.25.1.ppc64le",
"openSUSE Leap 15.5:libssh2-1-1.11.0-150000.4.25.1.s390x",
"openSUSE Leap 15.5:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"openSUSE Leap 15.5:libssh2-1-32bit-1.11.0-150000.4.25.1.x86_64",
"openSUSE Leap 15.5:libssh2-devel-1.11.0-150000.4.25.1.aarch64",
"openSUSE Leap 15.5:libssh2-devel-1.11.0-150000.4.25.1.ppc64le",
"openSUSE Leap 15.5:libssh2-devel-1.11.0-150000.4.25.1.s390x",
"openSUSE Leap 15.5:libssh2-devel-1.11.0-150000.4.25.1.x86_64",
"openSUSE Leap Micro 5.3:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"openSUSE Leap Micro 5.3:libssh2-1-1.11.0-150000.4.25.1.x86_64",
"openSUSE Leap Micro 5.4:libssh2-1-1.11.0-150000.4.25.1.aarch64",
"openSUSE Leap Micro 5.4:libssh2-1-1.11.0-150000.4.25.1.s390x",
"openSUSE Leap Micro 5.4:libssh2-1-1.11.0-150000.4.25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-02-20T16:34:49Z",
"details": "important"
}
],
"title": "CVE-2023-48795"
}
]
}
SUSE-SU-2024:0972-1
Vulnerability from csaf_suse - Published: 2024-03-22 10:21 - Updated: 2024-03-22 10:21Summary
Security update for jbcrypt, trilead-ssh2
Severity
Moderate
Notes
Title of the patch: Security update for jbcrypt, trilead-ssh2
Description of the patch: This update for jbcrypt, trilead-ssh2 fixes the following issues:
- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity aka Terrapin Attack (bsc#1218198).
Patchnames: SUSE-2024-972,openSUSE-SLE-15.5-2024-972
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.9 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5:trilead-ssh2-217.293.v56de4d4d3515-150200.3.7.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:trilead-ssh2-javadoc-217.293.v56de4d4d3515-150200.3.7.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for jbcrypt, trilead-ssh2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for jbcrypt, trilead-ssh2 fixes the following issues:\n\n- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity aka Terrapin Attack (bsc#1218198).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-972,openSUSE-SLE-15.5-2024-972",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_0972-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:0972-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20240972-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:0972-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018189.html"
},
{
"category": "self",
"summary": "SUSE Bug 1218198",
"url": "https://bugzilla.suse.com/1218198"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-48795 page",
"url": "https://www.suse.com/security/cve/CVE-2023-48795/"
}
],
"title": "Security update for jbcrypt, trilead-ssh2",
"tracking": {
"current_release_date": "2024-03-22T10:21:42Z",
"generator": {
"date": "2024-03-22T10:21:42Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:0972-1",
"initial_release_date": "2024-03-22T10:21:42Z",
"revision_history": [
{
"date": "2024-03-22T10:21:42Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "jbcrypt-1.0.2-150200.5.3.1.noarch",
"product": {
"name": "jbcrypt-1.0.2-150200.5.3.1.noarch",
"product_id": "jbcrypt-1.0.2-150200.5.3.1.noarch"
}
},
{
"category": "product_version",
"name": "jbcrypt-javadoc-1.0.2-150200.5.3.1.noarch",
"product": {
"name": "jbcrypt-javadoc-1.0.2-150200.5.3.1.noarch",
"product_id": "jbcrypt-javadoc-1.0.2-150200.5.3.1.noarch"
}
},
{
"category": "product_version",
"name": "trilead-ssh2-217.293.v56de4d4d3515-150200.3.7.1.noarch",
"product": {
"name": "trilead-ssh2-217.293.v56de4d4d3515-150200.3.7.1.noarch",
"product_id": "trilead-ssh2-217.293.v56de4d4d3515-150200.3.7.1.noarch"
}
},
{
"category": "product_version",
"name": "trilead-ssh2-javadoc-217.293.v56de4d4d3515-150200.3.7.1.noarch",
"product": {
"name": "trilead-ssh2-javadoc-217.293.v56de4d4d3515-150200.3.7.1.noarch",
"product_id": "trilead-ssh2-javadoc-217.293.v56de4d4d3515-150200.3.7.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "trilead-ssh2-217.293.v56de4d4d3515-150200.3.7.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:trilead-ssh2-217.293.v56de4d4d3515-150200.3.7.1.noarch"
},
"product_reference": "trilead-ssh2-217.293.v56de4d4d3515-150200.3.7.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trilead-ssh2-javadoc-217.293.v56de4d4d3515-150200.3.7.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:trilead-ssh2-javadoc-217.293.v56de4d4d3515-150200.3.7.1.noarch"
},
"product_reference": "trilead-ssh2-javadoc-217.293.v56de4d4d3515-150200.3.7.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-48795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-48795"
}
],
"notes": [
{
"category": "general",
"text": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5:trilead-ssh2-217.293.v56de4d4d3515-150200.3.7.1.noarch",
"openSUSE Leap 15.5:trilead-ssh2-javadoc-217.293.v56de4d4d3515-150200.3.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-48795",
"url": "https://www.suse.com/security/cve/CVE-2023-48795"
},
{
"category": "external",
"summary": "SUSE Bug 1217950 for CVE-2023-48795",
"url": "https://bugzilla.suse.com/1217950"
},
{
"category": "external",
"summary": "SUSE Bug 1218708 for CVE-2023-48795",
"url": "https://bugzilla.suse.com/1218708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5:trilead-ssh2-217.293.v56de4d4d3515-150200.3.7.1.noarch",
"openSUSE Leap 15.5:trilead-ssh2-javadoc-217.293.v56de4d4d3515-150200.3.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5:trilead-ssh2-217.293.v56de4d4d3515-150200.3.7.1.noarch",
"openSUSE Leap 15.5:trilead-ssh2-javadoc-217.293.v56de4d4d3515-150200.3.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-03-22T10:21:42Z",
"details": "important"
}
],
"title": "CVE-2023-48795"
}
]
}
SUSE-SU-2024:0974-1
Vulnerability from csaf_suse - Published: 2024-03-22 10:23 - Updated: 2024-03-22 10:23Summary
Security update for jsch-agent-proxy
Severity
Moderate
Notes
Title of the patch: Security update for jsch-agent-proxy
Description of the patch: This update for jsch-agent-proxy fixes the following issues:
- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity aka Terrapin Attack (bsc#1218198).
Patchnames: SUSE-2024-974,openSUSE-SLE-15.5-2024-974
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.9 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5:jsch-agent-proxy-connector-factory-0.0.9-150200.3.7.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:jsch-agent-proxy-core-0.0.9-150200.3.7.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:jsch-agent-proxy-javadoc-0.0.9-150200.3.7.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:jsch-agent-proxy-jsch-0.0.9-150200.3.7.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:jsch-agent-proxy-pageant-0.0.9-150200.3.7.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:jsch-agent-proxy-sshagent-0.0.9-150200.3.7.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:jsch-agent-proxy-usocket-jna-0.0.9-150200.3.7.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:jsch-agent-proxy-usocket-nc-0.0.9-150200.3.7.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for jsch-agent-proxy",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for jsch-agent-proxy fixes the following issues:\n\n- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity aka Terrapin Attack (bsc#1218198).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-974,openSUSE-SLE-15.5-2024-974",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_0974-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:0974-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20240974-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:0974-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018187.html"
},
{
"category": "self",
"summary": "SUSE Bug 1218198",
"url": "https://bugzilla.suse.com/1218198"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-48795 page",
"url": "https://www.suse.com/security/cve/CVE-2023-48795/"
}
],
"title": "Security update for jsch-agent-proxy",
"tracking": {
"current_release_date": "2024-03-22T10:23:44Z",
"generator": {
"date": "2024-03-22T10:23:44Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:0974-1",
"initial_release_date": "2024-03-22T10:23:44Z",
"revision_history": [
{
"date": "2024-03-22T10:23:44Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "jsch-agent-proxy-connector-factory-0.0.9-150200.3.7.1.noarch",
"product": {
"name": "jsch-agent-proxy-connector-factory-0.0.9-150200.3.7.1.noarch",
"product_id": "jsch-agent-proxy-connector-factory-0.0.9-150200.3.7.1.noarch"
}
},
{
"category": "product_version",
"name": "jsch-agent-proxy-core-0.0.9-150200.3.7.1.noarch",
"product": {
"name": "jsch-agent-proxy-core-0.0.9-150200.3.7.1.noarch",
"product_id": "jsch-agent-proxy-core-0.0.9-150200.3.7.1.noarch"
}
},
{
"category": "product_version",
"name": "jsch-agent-proxy-javadoc-0.0.9-150200.3.7.1.noarch",
"product": {
"name": "jsch-agent-proxy-javadoc-0.0.9-150200.3.7.1.noarch",
"product_id": "jsch-agent-proxy-javadoc-0.0.9-150200.3.7.1.noarch"
}
},
{
"category": "product_version",
"name": "jsch-agent-proxy-jsch-0.0.9-150200.3.7.1.noarch",
"product": {
"name": "jsch-agent-proxy-jsch-0.0.9-150200.3.7.1.noarch",
"product_id": "jsch-agent-proxy-jsch-0.0.9-150200.3.7.1.noarch"
}
},
{
"category": "product_version",
"name": "jsch-agent-proxy-pageant-0.0.9-150200.3.7.1.noarch",
"product": {
"name": "jsch-agent-proxy-pageant-0.0.9-150200.3.7.1.noarch",
"product_id": "jsch-agent-proxy-pageant-0.0.9-150200.3.7.1.noarch"
}
},
{
"category": "product_version",
"name": "jsch-agent-proxy-sshagent-0.0.9-150200.3.7.1.noarch",
"product": {
"name": "jsch-agent-proxy-sshagent-0.0.9-150200.3.7.1.noarch",
"product_id": "jsch-agent-proxy-sshagent-0.0.9-150200.3.7.1.noarch"
}
},
{
"category": "product_version",
"name": "jsch-agent-proxy-usocket-jna-0.0.9-150200.3.7.1.noarch",
"product": {
"name": "jsch-agent-proxy-usocket-jna-0.0.9-150200.3.7.1.noarch",
"product_id": "jsch-agent-proxy-usocket-jna-0.0.9-150200.3.7.1.noarch"
}
},
{
"category": "product_version",
"name": "jsch-agent-proxy-usocket-nc-0.0.9-150200.3.7.1.noarch",
"product": {
"name": "jsch-agent-proxy-usocket-nc-0.0.9-150200.3.7.1.noarch",
"product_id": "jsch-agent-proxy-usocket-nc-0.0.9-150200.3.7.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jsch-agent-proxy-connector-factory-0.0.9-150200.3.7.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:jsch-agent-proxy-connector-factory-0.0.9-150200.3.7.1.noarch"
},
"product_reference": "jsch-agent-proxy-connector-factory-0.0.9-150200.3.7.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jsch-agent-proxy-core-0.0.9-150200.3.7.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:jsch-agent-proxy-core-0.0.9-150200.3.7.1.noarch"
},
"product_reference": "jsch-agent-proxy-core-0.0.9-150200.3.7.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jsch-agent-proxy-javadoc-0.0.9-150200.3.7.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:jsch-agent-proxy-javadoc-0.0.9-150200.3.7.1.noarch"
},
"product_reference": "jsch-agent-proxy-javadoc-0.0.9-150200.3.7.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jsch-agent-proxy-jsch-0.0.9-150200.3.7.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:jsch-agent-proxy-jsch-0.0.9-150200.3.7.1.noarch"
},
"product_reference": "jsch-agent-proxy-jsch-0.0.9-150200.3.7.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jsch-agent-proxy-pageant-0.0.9-150200.3.7.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:jsch-agent-proxy-pageant-0.0.9-150200.3.7.1.noarch"
},
"product_reference": "jsch-agent-proxy-pageant-0.0.9-150200.3.7.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jsch-agent-proxy-sshagent-0.0.9-150200.3.7.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:jsch-agent-proxy-sshagent-0.0.9-150200.3.7.1.noarch"
},
"product_reference": "jsch-agent-proxy-sshagent-0.0.9-150200.3.7.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jsch-agent-proxy-usocket-jna-0.0.9-150200.3.7.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:jsch-agent-proxy-usocket-jna-0.0.9-150200.3.7.1.noarch"
},
"product_reference": "jsch-agent-proxy-usocket-jna-0.0.9-150200.3.7.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jsch-agent-proxy-usocket-nc-0.0.9-150200.3.7.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:jsch-agent-proxy-usocket-nc-0.0.9-150200.3.7.1.noarch"
},
"product_reference": "jsch-agent-proxy-usocket-nc-0.0.9-150200.3.7.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-48795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-48795"
}
],
"notes": [
{
"category": "general",
"text": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5:jsch-agent-proxy-connector-factory-0.0.9-150200.3.7.1.noarch",
"openSUSE Leap 15.5:jsch-agent-proxy-core-0.0.9-150200.3.7.1.noarch",
"openSUSE Leap 15.5:jsch-agent-proxy-javadoc-0.0.9-150200.3.7.1.noarch",
"openSUSE Leap 15.5:jsch-agent-proxy-jsch-0.0.9-150200.3.7.1.noarch",
"openSUSE Leap 15.5:jsch-agent-proxy-pageant-0.0.9-150200.3.7.1.noarch",
"openSUSE Leap 15.5:jsch-agent-proxy-sshagent-0.0.9-150200.3.7.1.noarch",
"openSUSE Leap 15.5:jsch-agent-proxy-usocket-jna-0.0.9-150200.3.7.1.noarch",
"openSUSE Leap 15.5:jsch-agent-proxy-usocket-nc-0.0.9-150200.3.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-48795",
"url": "https://www.suse.com/security/cve/CVE-2023-48795"
},
{
"category": "external",
"summary": "SUSE Bug 1217950 for CVE-2023-48795",
"url": "https://bugzilla.suse.com/1217950"
},
{
"category": "external",
"summary": "SUSE Bug 1218708 for CVE-2023-48795",
"url": "https://bugzilla.suse.com/1218708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5:jsch-agent-proxy-connector-factory-0.0.9-150200.3.7.1.noarch",
"openSUSE Leap 15.5:jsch-agent-proxy-core-0.0.9-150200.3.7.1.noarch",
"openSUSE Leap 15.5:jsch-agent-proxy-javadoc-0.0.9-150200.3.7.1.noarch",
"openSUSE Leap 15.5:jsch-agent-proxy-jsch-0.0.9-150200.3.7.1.noarch",
"openSUSE Leap 15.5:jsch-agent-proxy-pageant-0.0.9-150200.3.7.1.noarch",
"openSUSE Leap 15.5:jsch-agent-proxy-sshagent-0.0.9-150200.3.7.1.noarch",
"openSUSE Leap 15.5:jsch-agent-proxy-usocket-jna-0.0.9-150200.3.7.1.noarch",
"openSUSE Leap 15.5:jsch-agent-proxy-usocket-nc-0.0.9-150200.3.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5:jsch-agent-proxy-connector-factory-0.0.9-150200.3.7.1.noarch",
"openSUSE Leap 15.5:jsch-agent-proxy-core-0.0.9-150200.3.7.1.noarch",
"openSUSE Leap 15.5:jsch-agent-proxy-javadoc-0.0.9-150200.3.7.1.noarch",
"openSUSE Leap 15.5:jsch-agent-proxy-jsch-0.0.9-150200.3.7.1.noarch",
"openSUSE Leap 15.5:jsch-agent-proxy-pageant-0.0.9-150200.3.7.1.noarch",
"openSUSE Leap 15.5:jsch-agent-proxy-sshagent-0.0.9-150200.3.7.1.noarch",
"openSUSE Leap 15.5:jsch-agent-proxy-usocket-jna-0.0.9-150200.3.7.1.noarch",
"openSUSE Leap 15.5:jsch-agent-proxy-usocket-nc-0.0.9-150200.3.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-03-22T10:23:44Z",
"details": "important"
}
],
"title": "CVE-2023-48795"
}
]
}
SUSE-SU-2024:3656-1
Vulnerability from csaf_suse - Published: 2024-10-16 11:33 - Updated: 2024-10-16 11:33Summary
Security update for etcd
Severity
Moderate
Notes
Title of the patch: Security update for etcd
Description of the patch: This update for etcd fixes the following issues:
Update to version 3.5.12:
Security fixes:
- CVE-2018-16873: Fixed remote command execution in cmd/go (bsc#1118897)
- CVE-2018-16874: Fixed directory traversal in cmd/go (bsc#1118898)
- CVE-2018-16875: Fixed CPU denial of service in crypto/x509 (bsc#1118899)
- CVE-2018-16886: Fixed improper authentication issue when RBAC and client-cert-auth is enabled (bsc#1121850)
- CVE-2020-15106: Fixed panic in decodeRecord method (bsc#1174951)
- CVE-2020-15112: Fixed improper checks in entry index (bsc#1174951)
- CVE-2021-28235: Fixed information discosure via debug function (bsc#1210138)
- CVE-2022-41723: Fixed quadratic complexity in HPACK decoding in net/http (bsc#1208270, bsc#1208297)
- CVE-2023-29406: Fixed insufficient sanitization of Host header in go net/http (bsc#1213229)
- CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (bsc#1217070)
- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (aka Terrapin Attack) in crypto/ssh (bsc#1217950, bsc#1218150)
Other changes:
- Added hardening to systemd service(s) (bsc#1181400)
- Fixed static /tmp file issue (bsc#1199031)
- Fixed systemd service not starting (bsc#1183703)
Full changelog:
https://github.com/etcd-io/etcd/compare/v3.3.1...v3.5.12
Patchnames: SUSE-2024-3656,openSUSE-SLE-15.5-2024-3656,openSUSE-SLE-15.6-2024-3656
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.8 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.8 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.1 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.8 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
61 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for etcd",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for etcd fixes the following issues:\n\nUpdate to version 3.5.12:\n\nSecurity fixes:\n\n- CVE-2018-16873: Fixed remote command execution in cmd/go (bsc#1118897)\n- CVE-2018-16874: Fixed directory traversal in cmd/go (bsc#1118898)\n- CVE-2018-16875: Fixed CPU denial of service in crypto/x509 (bsc#1118899)\n- CVE-2018-16886: Fixed improper authentication issue when RBAC and client-cert-auth is enabled (bsc#1121850)\n- CVE-2020-15106: Fixed panic in decodeRecord method (bsc#1174951)\n- CVE-2020-15112: Fixed improper checks in entry index (bsc#1174951)\n- CVE-2021-28235: Fixed information discosure via debug function (bsc#1210138)\n- CVE-2022-41723: Fixed quadratic complexity in HPACK decoding in net/http (bsc#1208270, bsc#1208297)\n- CVE-2023-29406: Fixed insufficient sanitization of Host header in go net/http (bsc#1213229)\n- CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (bsc#1217070)\n- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (aka Terrapin Attack) in crypto/ssh (bsc#1217950, bsc#1218150)\n\nOther changes:\n\n- Added hardening to systemd service(s) (bsc#1181400)\n- Fixed static /tmp file issue (bsc#1199031)\n- Fixed systemd service not starting (bsc#1183703)\n\nFull changelog:\n\nhttps://github.com/etcd-io/etcd/compare/v3.3.1...v3.5.12\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-3656,openSUSE-SLE-15.5-2024-3656,openSUSE-SLE-15.6-2024-3656",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_3656-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:3656-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243656-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:3656-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-October/037265.html"
},
{
"category": "self",
"summary": "SUSE Bug 1095184",
"url": "https://bugzilla.suse.com/1095184"
},
{
"category": "self",
"summary": "SUSE Bug 1118897",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "self",
"summary": "SUSE Bug 1118898",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "self",
"summary": "SUSE Bug 1118899",
"url": "https://bugzilla.suse.com/1118899"
},
{
"category": "self",
"summary": "SUSE Bug 1121850",
"url": "https://bugzilla.suse.com/1121850"
},
{
"category": "self",
"summary": "SUSE Bug 1174951",
"url": "https://bugzilla.suse.com/1174951"
},
{
"category": "self",
"summary": "SUSE Bug 1181400",
"url": "https://bugzilla.suse.com/1181400"
},
{
"category": "self",
"summary": "SUSE Bug 1183703",
"url": "https://bugzilla.suse.com/1183703"
},
{
"category": "self",
"summary": "SUSE Bug 1199031",
"url": "https://bugzilla.suse.com/1199031"
},
{
"category": "self",
"summary": "SUSE Bug 1208270",
"url": "https://bugzilla.suse.com/1208270"
},
{
"category": "self",
"summary": "SUSE Bug 1208297",
"url": "https://bugzilla.suse.com/1208297"
},
{
"category": "self",
"summary": "SUSE Bug 1210138",
"url": "https://bugzilla.suse.com/1210138"
},
{
"category": "self",
"summary": "SUSE Bug 1213229",
"url": "https://bugzilla.suse.com/1213229"
},
{
"category": "self",
"summary": "SUSE Bug 1217070",
"url": "https://bugzilla.suse.com/1217070"
},
{
"category": "self",
"summary": "SUSE Bug 1217950",
"url": "https://bugzilla.suse.com/1217950"
},
{
"category": "self",
"summary": "SUSE Bug 1218150",
"url": "https://bugzilla.suse.com/1218150"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16873 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16874 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16886 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16886/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15106 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15106/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15112 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15112/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-28235 page",
"url": "https://www.suse.com/security/cve/CVE-2021-28235/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-41723 page",
"url": "https://www.suse.com/security/cve/CVE-2022-41723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-29406 page",
"url": "https://www.suse.com/security/cve/CVE-2023-29406/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-47108 page",
"url": "https://www.suse.com/security/cve/CVE-2023-47108/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-48795 page",
"url": "https://www.suse.com/security/cve/CVE-2023-48795/"
}
],
"title": "Security update for etcd",
"tracking": {
"current_release_date": "2024-10-16T11:33:42Z",
"generator": {
"date": "2024-10-16T11:33:42Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:3656-1",
"initial_release_date": "2024-10-16T11:33:42Z",
"revision_history": [
{
"date": "2024-10-16T11:33:42Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "etcd-3.5.12-150000.7.6.1.aarch64",
"product": {
"name": "etcd-3.5.12-150000.7.6.1.aarch64",
"product_id": "etcd-3.5.12-150000.7.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "etcdctl-3.5.12-150000.7.6.1.aarch64",
"product": {
"name": "etcdctl-3.5.12-150000.7.6.1.aarch64",
"product_id": "etcdctl-3.5.12-150000.7.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "etcdutl-3.5.12-150000.7.6.1.aarch64",
"product": {
"name": "etcdutl-3.5.12-150000.7.6.1.aarch64",
"product_id": "etcdutl-3.5.12-150000.7.6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-3.5.12-150000.7.6.1.ppc64le",
"product": {
"name": "etcd-3.5.12-150000.7.6.1.ppc64le",
"product_id": "etcd-3.5.12-150000.7.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "etcdctl-3.5.12-150000.7.6.1.ppc64le",
"product": {
"name": "etcdctl-3.5.12-150000.7.6.1.ppc64le",
"product_id": "etcdctl-3.5.12-150000.7.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "etcdutl-3.5.12-150000.7.6.1.ppc64le",
"product": {
"name": "etcdutl-3.5.12-150000.7.6.1.ppc64le",
"product_id": "etcdutl-3.5.12-150000.7.6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-3.5.12-150000.7.6.1.s390x",
"product": {
"name": "etcd-3.5.12-150000.7.6.1.s390x",
"product_id": "etcd-3.5.12-150000.7.6.1.s390x"
}
},
{
"category": "product_version",
"name": "etcdctl-3.5.12-150000.7.6.1.s390x",
"product": {
"name": "etcdctl-3.5.12-150000.7.6.1.s390x",
"product_id": "etcdctl-3.5.12-150000.7.6.1.s390x"
}
},
{
"category": "product_version",
"name": "etcdutl-3.5.12-150000.7.6.1.s390x",
"product": {
"name": "etcdutl-3.5.12-150000.7.6.1.s390x",
"product_id": "etcdutl-3.5.12-150000.7.6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-3.5.12-150000.7.6.1.x86_64",
"product": {
"name": "etcd-3.5.12-150000.7.6.1.x86_64",
"product_id": "etcd-3.5.12-150000.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "etcdctl-3.5.12-150000.7.6.1.x86_64",
"product": {
"name": "etcdctl-3.5.12-150000.7.6.1.x86_64",
"product_id": "etcdctl-3.5.12-150000.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "etcdutl-3.5.12-150000.7.6.1.x86_64",
"product": {
"name": "etcdutl-3.5.12-150000.7.6.1.x86_64",
"product_id": "etcdutl-3.5.12-150000.7.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-3.5.12-150000.7.6.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64"
},
"product_reference": "etcd-3.5.12-150000.7.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-3.5.12-150000.7.6.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le"
},
"product_reference": "etcd-3.5.12-150000.7.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-3.5.12-150000.7.6.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x"
},
"product_reference": "etcd-3.5.12-150000.7.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-3.5.12-150000.7.6.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64"
},
"product_reference": "etcd-3.5.12-150000.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcdctl-3.5.12-150000.7.6.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64"
},
"product_reference": "etcdctl-3.5.12-150000.7.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcdctl-3.5.12-150000.7.6.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le"
},
"product_reference": "etcdctl-3.5.12-150000.7.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcdctl-3.5.12-150000.7.6.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x"
},
"product_reference": "etcdctl-3.5.12-150000.7.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcdctl-3.5.12-150000.7.6.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64"
},
"product_reference": "etcdctl-3.5.12-150000.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-3.5.12-150000.7.6.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64"
},
"product_reference": "etcd-3.5.12-150000.7.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-3.5.12-150000.7.6.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le"
},
"product_reference": "etcd-3.5.12-150000.7.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-3.5.12-150000.7.6.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x"
},
"product_reference": "etcd-3.5.12-150000.7.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-3.5.12-150000.7.6.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64"
},
"product_reference": "etcd-3.5.12-150000.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcdctl-3.5.12-150000.7.6.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64"
},
"product_reference": "etcdctl-3.5.12-150000.7.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcdctl-3.5.12-150000.7.6.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le"
},
"product_reference": "etcdctl-3.5.12-150000.7.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcdctl-3.5.12-150000.7.6.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x"
},
"product_reference": "etcdctl-3.5.12-150000.7.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcdctl-3.5.12-150000.7.6.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
},
"product_reference": "etcdctl-3.5.12-150000.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16873"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16873",
"url": "https://www.suse.com/security/cve/CVE-2018-16873"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-16T11:33:42Z",
"details": "important"
}
],
"title": "CVE-2018-16873"
},
{
"cve": "CVE-2018-16874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16874"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16874",
"url": "https://www.suse.com/security/cve/CVE-2018-16874"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-16T11:33:42Z",
"details": "moderate"
}
],
"title": "CVE-2018-16874"
},
{
"cve": "CVE-2018-16875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16875"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16875",
"url": "https://www.suse.com/security/cve/CVE-2018-16875"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-16T11:33:42Z",
"details": "moderate"
}
],
"title": "CVE-2018-16875"
},
{
"cve": "CVE-2018-16886",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16886"
}
],
"notes": [
{
"category": "general",
"text": "etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote attacker may authenticate as that user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16886",
"url": "https://www.suse.com/security/cve/CVE-2018-16886"
},
{
"category": "external",
"summary": "SUSE Bug 1121850 for CVE-2018-16886",
"url": "https://bugzilla.suse.com/1121850"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-16T11:33:42Z",
"details": "moderate"
}
],
"title": "CVE-2018-16886"
},
{
"cve": "CVE-2020-15106",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15106"
}
],
"notes": [
{
"category": "general",
"text": "In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15106",
"url": "https://www.suse.com/security/cve/CVE-2020-15106"
},
{
"category": "external",
"summary": "SUSE Bug 1174951 for CVE-2020-15106",
"url": "https://bugzilla.suse.com/1174951"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-16T11:33:42Z",
"details": "moderate"
}
],
"title": "CVE-2020-15106"
},
{
"cve": "CVE-2020-15112",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15112"
}
],
"notes": [
{
"category": "general",
"text": "In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15112",
"url": "https://www.suse.com/security/cve/CVE-2020-15112"
},
{
"category": "external",
"summary": "SUSE Bug 1174951 for CVE-2020-15112",
"url": "https://bugzilla.suse.com/1174951"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-16T11:33:42Z",
"details": "moderate"
}
],
"title": "CVE-2020-15112"
},
{
"cve": "CVE-2021-28235",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-28235"
}
],
"notes": [
{
"category": "general",
"text": "Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-28235",
"url": "https://www.suse.com/security/cve/CVE-2021-28235"
},
{
"category": "external",
"summary": "SUSE Bug 1210138 for CVE-2021-28235",
"url": "https://bugzilla.suse.com/1210138"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-16T11:33:42Z",
"details": "important"
}
],
"title": "CVE-2021-28235"
},
{
"cve": "CVE-2022-41723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-41723"
}
],
"notes": [
{
"category": "general",
"text": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-41723",
"url": "https://www.suse.com/security/cve/CVE-2022-41723"
},
{
"category": "external",
"summary": "SUSE Bug 1208270 for CVE-2022-41723",
"url": "https://bugzilla.suse.com/1208270"
},
{
"category": "external",
"summary": "SUSE Bug 1215588 for CVE-2022-41723",
"url": "https://bugzilla.suse.com/1215588"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-16T11:33:42Z",
"details": "important"
}
],
"title": "CVE-2022-41723"
},
{
"cve": "CVE-2023-29406",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-29406"
}
],
"notes": [
{
"category": "general",
"text": "The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-29406",
"url": "https://www.suse.com/security/cve/CVE-2023-29406"
},
{
"category": "external",
"summary": "SUSE Bug 1213229 for CVE-2023-29406",
"url": "https://bugzilla.suse.com/1213229"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-16T11:33:42Z",
"details": "moderate"
}
],
"title": "CVE-2023-29406"
},
{
"cve": "CVE-2023-47108",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-47108"
}
],
"notes": [
{
"category": "general",
"text": "OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server\u0027s potential memory exhaustion when many malicious requests are sent. An attacker can easily flood the peer address and port for requests. Version 0.46.0 contains a fix for this issue. As a workaround to stop being affected, a view removing the attributes can be used. The other possibility is to disable grpc metrics instrumentation by passing `otelgrpc.WithMeterProvider` option with `noop.NewMeterProvider`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-47108",
"url": "https://www.suse.com/security/cve/CVE-2023-47108"
},
{
"category": "external",
"summary": "SUSE Bug 1217070 for CVE-2023-47108",
"url": "https://bugzilla.suse.com/1217070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-16T11:33:42Z",
"details": "important"
}
],
"title": "CVE-2023-47108"
},
{
"cve": "CVE-2023-48795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-48795"
}
],
"notes": [
{
"category": "general",
"text": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-48795",
"url": "https://www.suse.com/security/cve/CVE-2023-48795"
},
{
"category": "external",
"summary": "SUSE Bug 1217950 for CVE-2023-48795",
"url": "https://bugzilla.suse.com/1217950"
},
{
"category": "external",
"summary": "SUSE Bug 1218708 for CVE-2023-48795",
"url": "https://bugzilla.suse.com/1218708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-16T11:33:42Z",
"details": "important"
}
],
"title": "CVE-2023-48795"
}
]
}
SUSE-SU-2025:20009-1
Vulnerability from csaf_suse - Published: 2025-02-03 08:47 - Updated: 2025-02-03 08:47Summary
Security update for openssh
Severity
Critical
Notes
Title of the patch: Security update for openssh
Description of the patch: This update for openssh fixes the following issues:
- CVE-2024-39894: Fixed timing attacks against echo-off password entry (bsc#1227318)
- CVE-2024-6387: Fixed race condition in a signal handler (bsc#1226642).
Patchnames: SUSE-SLE-Micro-6.0-8
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.9 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-9.6p1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-9.6p1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-9.6p1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-9.6p1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-9.6p1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-9.6p1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-9.6p1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-9.6p1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-9.6p1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.1 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-9.6p1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-9.6p1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-9.6p1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
23 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssh",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssh fixes the following issues:\n\n- CVE-2024-39894: Fixed timing attacks against echo-off password entry (bsc#1227318)\n- CVE-2024-6387: Fixed race condition in a signal handler (bsc#1226642).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-8",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20009-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20009-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520009-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20009-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021369.html"
},
{
"category": "self",
"summary": "SUSE Bug 1217950",
"url": "https://bugzilla.suse.com/1217950"
},
{
"category": "self",
"summary": "SUSE Bug 1218215",
"url": "https://bugzilla.suse.com/1218215"
},
{
"category": "self",
"summary": "SUSE Bug 1226642",
"url": "https://bugzilla.suse.com/1226642"
},
{
"category": "self",
"summary": "SUSE Bug 1227318",
"url": "https://bugzilla.suse.com/1227318"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-48795 page",
"url": "https://www.suse.com/security/cve/CVE-2023-48795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-51385 page",
"url": "https://www.suse.com/security/cve/CVE-2023-51385/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39894 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39894/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-6387 page",
"url": "https://www.suse.com/security/cve/CVE-2024-6387/"
}
],
"title": "Security update for openssh",
"tracking": {
"current_release_date": "2025-02-03T08:47:06Z",
"generator": {
"date": "2025-02-03T08:47:06Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20009-1",
"initial_release_date": "2025-02-03T08:47:06Z",
"revision_history": [
{
"date": "2025-02-03T08:47:06Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "openssh-9.6p1-2.1.aarch64",
"product": {
"name": "openssh-9.6p1-2.1.aarch64",
"product_id": "openssh-9.6p1-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssh-clients-9.6p1-2.1.aarch64",
"product": {
"name": "openssh-clients-9.6p1-2.1.aarch64",
"product_id": "openssh-clients-9.6p1-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssh-common-9.6p1-2.1.aarch64",
"product": {
"name": "openssh-common-9.6p1-2.1.aarch64",
"product_id": "openssh-common-9.6p1-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssh-fips-9.6p1-2.1.aarch64",
"product": {
"name": "openssh-fips-9.6p1-2.1.aarch64",
"product_id": "openssh-fips-9.6p1-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssh-server-9.6p1-2.1.aarch64",
"product": {
"name": "openssh-server-9.6p1-2.1.aarch64",
"product_id": "openssh-server-9.6p1-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssh-server-config-rootlogin-9.6p1-2.1.aarch64",
"product": {
"name": "openssh-server-config-rootlogin-9.6p1-2.1.aarch64",
"product_id": "openssh-server-config-rootlogin-9.6p1-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssh-9.6p1-2.1.s390x",
"product": {
"name": "openssh-9.6p1-2.1.s390x",
"product_id": "openssh-9.6p1-2.1.s390x"
}
},
{
"category": "product_version",
"name": "openssh-clients-9.6p1-2.1.s390x",
"product": {
"name": "openssh-clients-9.6p1-2.1.s390x",
"product_id": "openssh-clients-9.6p1-2.1.s390x"
}
},
{
"category": "product_version",
"name": "openssh-common-9.6p1-2.1.s390x",
"product": {
"name": "openssh-common-9.6p1-2.1.s390x",
"product_id": "openssh-common-9.6p1-2.1.s390x"
}
},
{
"category": "product_version",
"name": "openssh-fips-9.6p1-2.1.s390x",
"product": {
"name": "openssh-fips-9.6p1-2.1.s390x",
"product_id": "openssh-fips-9.6p1-2.1.s390x"
}
},
{
"category": "product_version",
"name": "openssh-server-9.6p1-2.1.s390x",
"product": {
"name": "openssh-server-9.6p1-2.1.s390x",
"product_id": "openssh-server-9.6p1-2.1.s390x"
}
},
{
"category": "product_version",
"name": "openssh-server-config-rootlogin-9.6p1-2.1.s390x",
"product": {
"name": "openssh-server-config-rootlogin-9.6p1-2.1.s390x",
"product_id": "openssh-server-config-rootlogin-9.6p1-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openssh-9.6p1-2.1.x86_64",
"product": {
"name": "openssh-9.6p1-2.1.x86_64",
"product_id": "openssh-9.6p1-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssh-clients-9.6p1-2.1.x86_64",
"product": {
"name": "openssh-clients-9.6p1-2.1.x86_64",
"product_id": "openssh-clients-9.6p1-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssh-common-9.6p1-2.1.x86_64",
"product": {
"name": "openssh-common-9.6p1-2.1.x86_64",
"product_id": "openssh-common-9.6p1-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssh-fips-9.6p1-2.1.x86_64",
"product": {
"name": "openssh-fips-9.6p1-2.1.x86_64",
"product_id": "openssh-fips-9.6p1-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssh-server-9.6p1-2.1.x86_64",
"product": {
"name": "openssh-server-9.6p1-2.1.x86_64",
"product_id": "openssh-server-9.6p1-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssh-server-config-rootlogin-9.6p1-2.1.x86_64",
"product": {
"name": "openssh-server-config-rootlogin-9.6p1-2.1.x86_64",
"product_id": "openssh-server-config-rootlogin-9.6p1-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-9.6p1-2.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:openssh-9.6p1-2.1.aarch64"
},
"product_reference": "openssh-9.6p1-2.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-9.6p1-2.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:openssh-9.6p1-2.1.s390x"
},
"product_reference": "openssh-9.6p1-2.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-9.6p1-2.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:openssh-9.6p1-2.1.x86_64"
},
"product_reference": "openssh-9.6p1-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-clients-9.6p1-2.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.aarch64"
},
"product_reference": "openssh-clients-9.6p1-2.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-clients-9.6p1-2.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.s390x"
},
"product_reference": "openssh-clients-9.6p1-2.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-clients-9.6p1-2.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.x86_64"
},
"product_reference": "openssh-clients-9.6p1-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-common-9.6p1-2.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.aarch64"
},
"product_reference": "openssh-common-9.6p1-2.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-common-9.6p1-2.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.s390x"
},
"product_reference": "openssh-common-9.6p1-2.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-common-9.6p1-2.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.x86_64"
},
"product_reference": "openssh-common-9.6p1-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-fips-9.6p1-2.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.aarch64"
},
"product_reference": "openssh-fips-9.6p1-2.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-fips-9.6p1-2.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.s390x"
},
"product_reference": "openssh-fips-9.6p1-2.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-fips-9.6p1-2.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.x86_64"
},
"product_reference": "openssh-fips-9.6p1-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-server-9.6p1-2.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.aarch64"
},
"product_reference": "openssh-server-9.6p1-2.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-server-9.6p1-2.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.s390x"
},
"product_reference": "openssh-server-9.6p1-2.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-server-9.6p1-2.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.x86_64"
},
"product_reference": "openssh-server-9.6p1-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-server-config-rootlogin-9.6p1-2.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.aarch64"
},
"product_reference": "openssh-server-config-rootlogin-9.6p1-2.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-server-config-rootlogin-9.6p1-2.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.s390x"
},
"product_reference": "openssh-server-config-rootlogin-9.6p1-2.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-server-config-rootlogin-9.6p1-2.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.x86_64"
},
"product_reference": "openssh-server-config-rootlogin-9.6p1-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-48795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-48795"
}
],
"notes": [
{
"category": "general",
"text": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:openssh-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-48795",
"url": "https://www.suse.com/security/cve/CVE-2023-48795"
},
{
"category": "external",
"summary": "SUSE Bug 1217950 for CVE-2023-48795",
"url": "https://bugzilla.suse.com/1217950"
},
{
"category": "external",
"summary": "SUSE Bug 1218708 for CVE-2023-48795",
"url": "https://bugzilla.suse.com/1218708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:openssh-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:openssh-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:47:06Z",
"details": "important"
}
],
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2023-51385",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-51385"
}
],
"notes": [
{
"category": "general",
"text": "In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:openssh-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-51385",
"url": "https://www.suse.com/security/cve/CVE-2023-51385"
},
{
"category": "external",
"summary": "SUSE Bug 1218215 for CVE-2023-51385",
"url": "https://bugzilla.suse.com/1218215"
},
{
"category": "external",
"summary": "SUSE Bug 1218708 for CVE-2023-51385",
"url": "https://bugzilla.suse.com/1218708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:openssh-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:openssh-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:47:06Z",
"details": "moderate"
}
],
"title": "CVE-2023-51385"
},
{
"cve": "CVE-2024-39894",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39894"
}
],
"notes": [
{
"category": "general",
"text": "OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:openssh-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39894",
"url": "https://www.suse.com/security/cve/CVE-2024-39894"
},
{
"category": "external",
"summary": "SUSE Bug 1227318 for CVE-2024-39894",
"url": "https://bugzilla.suse.com/1227318"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:openssh-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:openssh-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:47:06Z",
"details": "moderate"
}
],
"title": "CVE-2024-39894"
},
{
"cve": "CVE-2024-6387",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-6387"
}
],
"notes": [
{
"category": "general",
"text": "A security regression (CVE-2006-5051) was discovered in OpenSSH\u0027s server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:openssh-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-6387",
"url": "https://www.suse.com/security/cve/CVE-2024-6387"
},
{
"category": "external",
"summary": "SUSE Bug 1226641 for CVE-2024-6387",
"url": "https://bugzilla.suse.com/1226641"
},
{
"category": "external",
"summary": "SUSE Bug 1226642 for CVE-2024-6387",
"url": "https://bugzilla.suse.com/1226642"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:openssh-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:openssh-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-clients-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-common-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-fips-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-server-9.6p1-2.1.x86_64",
"SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.aarch64",
"SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.s390x",
"SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:47:06Z",
"details": "important"
}
],
"title": "CVE-2024-6387"
}
]
}
VDE-2024-014
Vulnerability from csaf_wagogmbhcokg - Published: 2024-02-22 07:00 - Updated: 2025-06-05 13:28Summary
WAGO: Multiple products affected by Terrapin
Notes
Impact: The Terrapin attack vulnerability in the SSH transport protocol poses a risk by allowing remote attackers to compromise the integrity of connections, potentially leading to the downgrade or disablement of critical security features.
Remediation: A fix for the affected Firmwares will be provided with the following firmware versions:
- FW22, Patch 2 installed on 750-810x
- FW22, Patch 2 installed on 750-821x
- FW22, Patch 2 installed on 762-4x0x
- FW22, Patch 2 installed on 762-5x0x
- FW22, Patch 2 installed on 762-6x0x
- FW22, Patch 2 installed on 752-8303
- FW27 installed on 750-811x
- FW27 installed on 750-821x
- FW27 installed on 751-9301
- FW27 installed on 751-9401
- FW27 installed on 762-4x0x
- FW27 installed on 762-5x0x
- FW27 installed on 762-6x0x
- FW27 installed on 752-8303
- Custom Firmware 03.03.08 (80) installed on 750-820x
- Custom Firmware 04.03.03 (72) installed on 751-9301
- Custom Firmware 04.03.03 (72) installed on 751-9401
- Custom Firmware 04.04.03 (70) installed on 750-821x
Summary: Several WAGO Firmwares are vulnerable to a to a remote attack which allows to bypass the integrity check through OpenSSH. This called Terrapin attack occurs because of mishandled handshake phase.
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.
5.9 (Medium)
Vendor Fix
A fix for the affected Firmwares will be provided with the following firmware versions:
- FW22, Patch 2 installed on 750-810x
- FW22, Patch 2 installed on 750-821x
- FW22, Patch 2 installed on 762-4x0x
- FW22, Patch 2 installed on 762-5x0x
- FW22, Patch 2 installed on 762-6x0x
- FW22, Patch 2 installed on 752-8303
- FW27 installed on 750-811x
- FW27 installed on 750-821x
- FW27 installed on 751-9301
- FW27 installed on 751-9401
- FW27 installed on 762-4x0x
- FW27 installed on 762-5x0x
- FW27 installed on 762-6x0x
- FW27 installed on 752-8303
- Custom Firmware 03.03.08 (80) installed on 750-820x
- Custom Firmware 04.03.03 (72) installed on 751-9301
- Custom Firmware 04.03.03 (72) installed on 751-9401
- Custom Firmware 04.04.03 (70) installed on 750-821x
Affected products
Fixed
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — | ||
| Unresolved product id: CSAFPID-32011 | — | ||
| Unresolved product id: CSAFPID-32012 | — | ||
| Unresolved product id: CSAFPID-32013 | — | ||
| Unresolved product id: CSAFPID-32014 | — | ||
| Unresolved product id: CSAFPID-32015 | — | ||
| Unresolved product id: CSAFPID-32016 | — | ||
| Unresolved product id: CSAFPID-32017 | — | ||
| Unresolved product id: CSAFPID-32018 | — | ||
| Unresolved product id: CSAFPID-32019 | — |
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — | ||
| Unresolved product id: CSAFPID-31013 | — | ||
| Unresolved product id: CSAFPID-31014 | — | ||
| Unresolved product id: CSAFPID-31015 | — | ||
| Unresolved product id: CSAFPID-31016 | — | ||
| Unresolved product id: CSAFPID-31017 | — | ||
| Unresolved product id: CSAFPID-31018 | — | ||
| Unresolved product id: CSAFPID-31019 | — |
References
4 references
| URL | Category |
|---|---|
| https://certvde.com/en/advisories/VDE-2024-014/ | self |
| https://wago.csaf-tp.certvde.com/.well-known/csaf… | self |
| https://www.wago.com/psirt | external |
| https://certvde.com/en/advisories/vendor/wago/ | external |
Acknowledgments
CERT@VDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "description",
"text": "The Terrapin attack vulnerability in the SSH transport protocol poses a risk by allowing remote attackers to compromise the integrity of connections, potentially leading to the downgrade or disablement of critical security features.",
"title": "Impact"
},
{
"category": "description",
"text": "A fix for the affected Firmwares will be provided with the following firmware versions:\n\n- FW22, Patch 2 installed on 750-810x\n- FW22, Patch 2 installed on 750-821x\n- FW22, Patch 2 installed on 762-4x0x\n- FW22, Patch 2 installed on 762-5x0x\n- FW22, Patch 2 installed on 762-6x0x\n- FW22, Patch 2 installed on 752-8303\n- FW27 installed on 750-811x\n- FW27 installed on 750-821x\n- FW27 installed on 751-9301\n- FW27 installed on 751-9401\n- FW27 installed on 762-4x0x\n- FW27 installed on 762-5x0x\n- FW27 installed on 762-6x0x\n- FW27 installed on 752-8303\n- Custom Firmware 03.03.08 (80) installed on 750-820x\n- Custom Firmware 04.03.03 (72) installed on 751-9301\n- Custom Firmware 04.03.03 (72) installed on 751-9401\n- Custom Firmware 04.04.03 (70) installed on 750-821x",
"title": "Remediation"
},
{
"category": "summary",
"text": "Several WAGO Firmwares are vulnerable to a to a remote attack which allows to bypass the integrity check through OpenSSH. This called Terrapin attack occurs because of mishandled handshake phase.",
"title": "Summary"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@wago.com",
"name": "WAGO GmbH \u0026 Co. KG",
"namespace": "https://www.wago.com/psirt"
},
"references": [
{
"category": "self",
"summary": "VDE-2024-014: WAGO: Multiple products affected by Terrapin - HTML",
"url": "https://certvde.com/en/advisories/VDE-2024-014/"
},
{
"category": "self",
"summary": "VDE-2024-014: WAGO: Multiple products affected by Terrapin - CSAF",
"url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2024/vde-2024-014.json"
},
{
"category": "external",
"summary": "Vendor PSIRT",
"url": "https://www.wago.com/psirt"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for WAGO GmbH \u0026 Co. KG",
"url": "https://certvde.com/en/advisories/vendor/wago/"
}
],
"title": "WAGO: Multiple products affected by Terrapin",
"tracking": {
"aliases": [
"VDE-2024-014"
],
"current_release_date": "2025-06-05T13:28:13.000Z",
"generator": {
"date": "2025-05-08T07:43:10.155Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.25"
}
},
"id": "VDE-2024-014",
"initial_release_date": "2024-02-22T07:00:00.000Z",
"revision_history": [
{
"date": "2024-02-22T07:00:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2025-06-05T13:28:13.000Z",
"number": "2",
"summary": "Fix: version space"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "750-810x",
"product": {
"name": "750-810x",
"product_id": "CSAFPID-11001"
}
},
{
"category": "product_name",
"name": "750-811x",
"product": {
"name": "750-811x",
"product_id": "CSAFPID-11002"
}
},
{
"category": "product_name",
"name": "750-820x",
"product": {
"name": "750-820x",
"product_id": "CSAFPID-11003"
}
},
{
"category": "product_name",
"name": "750-821x",
"product": {
"name": "750-821x",
"product_id": "CSAFPID-11004"
}
},
{
"category": "product_name",
"name": "751-9301",
"product": {
"name": "751-9301",
"product_id": "CSAFPID-11005"
}
},
{
"category": "product_name",
"name": "751-9401",
"product": {
"name": "751-9401",
"product_id": "CSAFPID-11006"
}
},
{
"category": "product_name",
"name": "752-8303",
"product": {
"name": "752-8303",
"product_id": "CSAFPID-11007"
}
},
{
"category": "product_name",
"name": "762-4x0x",
"product": {
"name": "762-4x0x",
"product_id": "CSAFPID-11008"
}
},
{
"category": "product_name",
"name": "762-5x0x",
"product": {
"name": "762-5x0x",
"product_id": "CSAFPID-11009"
}
},
{
"category": "product_name",
"name": "762-6x0x",
"product": {
"name": "762-6x0x",
"product_id": "CSAFPID-11010"
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cFW22, Patch 2",
"product": {
"name": "Firmware \u003cFW22, Patch 2",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version_range",
"name": "\u003cFW27",
"product": {
"name": "Firmware \u003cFW27",
"product_id": "CSAFPID-21002"
}
},
{
"category": "product_version_range",
"name": "\u003c03.03.08 (80)",
"product": {
"name": "Firmware \u003c03.03.08 (80)",
"product_id": "CSAFPID-21003"
}
},
{
"category": "product_version_range",
"name": "\u003c04.03.03 (70)",
"product": {
"name": "Firmware \u003c04.03.03 (70)",
"product_id": "CSAFPID-21004"
}
},
{
"category": "product_version_range",
"name": "\u003c04.03.03 (72)",
"product": {
"name": "Firmware \u003c04.03.03 (72)",
"product_id": "CSAFPID-21005"
}
},
{
"category": "product_version",
"name": "FW22",
"product": {
"name": "Firmware FW22",
"product_id": "CSAFPID-22001"
}
},
{
"category": "product_version",
"name": "FW27",
"product": {
"name": "Firmware FW27",
"product_id": "CSAFPID-22002"
}
},
{
"category": "product_version",
"name": "03.03.08 (80)",
"product": {
"name": "Firmware 03.03.08 (80)",
"product_id": "CSAFPID-22003"
}
},
{
"category": "product_version",
"name": "04.03.03 (70)",
"product": {
"name": "Firmware 04.03.03 (70)",
"product_id": "CSAFPID-22004"
}
},
{
"category": "product_version",
"name": "04.03.03 (72)",
"product": {
"name": "Firmware 04.03.03 (72)",
"product_id": "CSAFPID-22005"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "WAGO"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014",
"CSAFPID-32015",
"CSAFPID-32016",
"CSAFPID-32017",
"CSAFPID-32018",
"CSAFPID-32019"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cFW22, Patch 2 installed on 750-810x",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cFW27 installed on 750-811x",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c03.03.08 (80) installed on 750-820x",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cFW22, Patch 2 installed on 750-820x",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c04.03.03 (70) installed on 750-821x",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cFW27 installed on 750-821x",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cFW22, Patch 2 installed on 750-821x",
"product_id": "CSAFPID-31007"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c04.03.03 (72) installed on 751-9301",
"product_id": "CSAFPID-31008"
},
"product_reference": "CSAFPID-21005",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cFW27 installed on 751-9301",
"product_id": "CSAFPID-31009"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c04.03.03 (72) installed on 751-9401",
"product_id": "CSAFPID-31010"
},
"product_reference": "CSAFPID-21005",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cFW27 installed on 751-9401",
"product_id": "CSAFPID-31011"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cFW22, Patch 2 installed on 752-8303",
"product_id": "CSAFPID-31012"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cFW27 installed on 752-8303",
"product_id": "CSAFPID-31013"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cFW27 installed on 762-4x0x",
"product_id": "CSAFPID-31014"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cFW22, Patch 2 installed on 762-4x0x",
"product_id": "CSAFPID-31015"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cFW22, Patch 2 installed on 762-5x0x",
"product_id": "CSAFPID-31016"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cFW27 installed on 762-5x0x",
"product_id": "CSAFPID-31017"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cFW22, Patch 2 installed on 762-6x0x",
"product_id": "CSAFPID-31018"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cFW27 installed on 762-6x0x",
"product_id": "CSAFPID-31019"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW22 installed on 750-810x",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW27 installed on 750-811x",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 03.03.08 (80) installed on 750-820x",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-22003",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW22 installed on 750-820x",
"product_id": "CSAFPID-32004"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 04.03.03 (70) installed on 750-821x",
"product_id": "CSAFPID-32005"
},
"product_reference": "CSAFPID-22004",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW27 installed on 750-821x",
"product_id": "CSAFPID-32006"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW22 installed on 750-821x",
"product_id": "CSAFPID-32007"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 04.03.03 (72) installed on 751-9301",
"product_id": "CSAFPID-32008"
},
"product_reference": "CSAFPID-22005",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW27 installed on 751-9301",
"product_id": "CSAFPID-32009"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 04.03.03 (72) installed on 751-9401",
"product_id": "CSAFPID-32010"
},
"product_reference": "CSAFPID-22005",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW27 installed on 751-9401",
"product_id": "CSAFPID-32011"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW22 installed on 752-8303",
"product_id": "CSAFPID-32012"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW27 installed on 752-8303",
"product_id": "CSAFPID-32013"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW27 installed on 762-4x0x",
"product_id": "CSAFPID-32014"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW22 installed on 762-4x0x",
"product_id": "CSAFPID-32015"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW22 installed on 762-5x0x",
"product_id": "CSAFPID-32016"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW27 installed on 762-5x0x",
"product_id": "CSAFPID-32017"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW22 installed on 762-6x0x",
"product_id": "CSAFPID-32018"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW27 installed on 762-6x0x",
"product_id": "CSAFPID-32019"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11010"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"notes": [
{
"category": "description",
"text": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014",
"CSAFPID-32015",
"CSAFPID-32016",
"CSAFPID-32017",
"CSAFPID-32018",
"CSAFPID-32019"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "A fix for the affected Firmwares will be provided with the following firmware versions:\n\n- FW22, Patch 2 installed on 750-810x\n- FW22, Patch 2 installed on 750-821x\n- FW22, Patch 2 installed on 762-4x0x\n- FW22, Patch 2 installed on 762-5x0x\n- FW22, Patch 2 installed on 762-6x0x\n- FW22, Patch 2 installed on 752-8303\n- FW27 installed on 750-811x\n- FW27 installed on 750-821x\n- FW27 installed on 751-9301\n- FW27 installed on 751-9401\n- FW27 installed on 762-4x0x\n- FW27 installed on 762-5x0x\n- FW27 installed on 762-6x0x\n- FW27 installed on 752-8303\n- Custom Firmware 03.03.08 (80) installed on 750-820x\n- Custom Firmware 04.03.03 (72) installed on 751-9301\n- Custom Firmware 04.03.03 (72) installed on 751-9401\n- Custom Firmware 04.04.03 (70) installed on 750-821x",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.9,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.9,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019"
]
}
],
"title": "CVE-2023-48795"
}
]
}
VDE-2024-073
Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2024-12-09 11:00 - Updated: 2025-05-22 13:03Summary
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
Severity
Critical
Notes
Summary: Multiple Linux component vulnerabilities fixed in latest PLCnext Firmware release 2024.0.6 LTS
Impact: Availability, integrity, or confidentiality of the PLCnext Control might be compromised by attacks using these vulnerabilities.
Remediation: Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
General Recommendation: Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our [application note](https://dam-mdc.phoenixcontact.com/asset/156443151564/0a870ae433c19148b80bd760f3a1c1f2/107913_en_03.pdf).
When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of headers and eventually cause curl to run out of heap memory.
7.5 (High)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.
5.3 (Medium)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with 'domain=co.UK' when the URL used a lower case hostname 'curl.co.uk', even though 'co.uk' is listed as a PSL domain.
6.5 (Medium)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. Due to this bug, the local variable that means "let the host resolve the name" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long host name to the target buffer instead of copying just the resolved address there. The target buffer being a heap based buffer, and the host name coming from the URL that curl has been told to operate with.
8.8 (High)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a function call that duplicates en easy handle called [curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html). If a transfer has cookies enabled when the handle is duplicated, the cookie-enable state is also cloned - but without cloning the actual cookies. If the source handle did not read any cookies from a specific file on disk, the cloned version of the handle would instead store the file name as 'none' (using the four ASCII letters, no quotes). Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would then inadvertently load cookies from a file named 'none' - if such a file exists and is readable in the current directory of the program using libcurl. And if using the correct file format of course.
CWE-73 - External Control of File Name or Path
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.
6.5 (Medium)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.
6.5 (Medium)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.
6.5 (Medium)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.
6.5 (Medium)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project.
5.5 (Medium)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.
5.5 (Medium)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.
4.7 (Medium)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE-2023-32665.
5.3 (Medium)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.
5.5 (Medium)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.
5.5 (Medium)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.
7.5 (High)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
7.8 (High)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
7.5 (High)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.
7.5 (High)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks: - Unbounded memory buffering in the HPACK parser - Unbounded CPU consumption in the HPACK parser The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client. The unbounded memory buffering bugs: - The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb. - HPACK varints have an encoding quirk whereby an infinite number of 0's can be added at the start of an integer. gRPC's hpack parser needed to read all of them before concluding a parse. - gRPC's metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1 CONTINUATION: containing a: 2 CONTINUATION: containing a: 3 etc…
7.5 (High)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in https://github.com/grpc/grpc/pull/33005 https://github.com/grpc/grpc/pull/33005
7.4 (High)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for '-bin' suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in https://github.com/grpc/grpc/pull/32309 https://www.google.com/url
5.3 (Medium)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected.
7.5 (High)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
7.5 (High)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.
7.8 (High)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.
4.8 (Medium)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.
5.6 (Medium)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.
5.6 (Medium)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.
5.6 (Medium)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a '\0' character. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.
5.6 (Medium)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver.
6.4 (Medium)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.
6.5 (Medium)
2.1 ()
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.
5.6 (Medium)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.
5.9 (Medium)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.
5.5 (Medium)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.
6.5 (Medium)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been established. Any alterations to the key length, via the "keylen" parameter or the IV length, via the "ivlen" parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB. For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of confidentiality. For example, when following NIST's SP 800-38D section 8.2.1 guidance for constructing a deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse. Both truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in some cases, trigger a memory exception. However, these issues are not currently assessed as security critical. Changing the key and/or IV lengths is not considered to be a common operation and the vulnerable API was recently introduced. Furthermore it is likely that application developers will have spotted this problem during testing since decryption would fail unless both peers in the communication were similarly vulnerable. For these reasons we expect the probability of an application being vulnerable to this to be quite low. However if an application is vulnerable then this issue is considered very serious. For these reasons we have assessed this issue as Moderate severity overall. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because the issue lies outside of the FIPS provider boundary. OpenSSL 3.1 and 3.0 are vulnerable to this issue.
7.5 (High)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses the OpenSSL library an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL does not save the contents of non-volatile XMM registers on Windows 64 platform when calculating the MAC of data larger than 64 bytes. Before returning to the caller all the XMM registers are set to zero rather than restoring their previous content. The vulnerable code is used only on newer x86_64 processors supporting the AVX512-IFMA instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However given the contents of the registers are just zeroized so the attacker cannot put arbitrary values inside, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3 and a malicious client can influence whether this AEAD cipher is used by the server. This implies that server applications using OpenSSL can be potentially impacted. However we are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue. As a workaround the AVX512-IFMA instructions support can be disabled at runtime by setting the environment variable OPENSSL_ia32cap: OPENSSL_ia32cap=:~0x200000 The FIPS provider is not affected by this issue.
7.8 (High)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.
5.3 (Medium)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.
9.8 (Critical)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.
5.9 (Medium)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)
5.3 (Medium)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
Under some circumstances, this weakness allows a user who has access to run the 'ps' utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.
CWE-122 - Heap-based Buffer Overflow
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.
5.5 (Medium)
5.5 (Medium)
5.2 ()
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.
8.1 (High)
5.8 ()
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.
CWE-1319 - Improper Protection against Electromagnetic Fault Injection (EM-FI)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960.
6.2 (Medium)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.
4 (Medium)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
Use After Free in GitHub repository vim/vim prior to v9.0.2010.
7.8 (High)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.
7.8 (High)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.
7.8 (High)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
Use After Free in GitHub repository vim/vim prior to 9.0.1840.
7.3 (High)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.
7.8 (High)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.
4.8 (Medium)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
Use After Free in GitHub repository vim/vim prior to 9.0.1857.
7.8 (High)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.
7.8 (High)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
Use After Free in GitHub repository vim/vim prior to 9.0.1858.
7.8 (High)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.
7.8 (High)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. This issue has been addressed in commit '25aabc2b' which has been included in release version 9.0.2106. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CWE-416 - Use After Free
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
Vim is an open source command line text editor. In affected versions when shifting lines in operator pending mode and using a very large value, it may be possible to overflow the size of integer. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit '6bf131888' which has been included in version 9.0.2112. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CWE-190 - Integer Overflow or Wraparound
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a ':s' command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive ':s' call causes free-ing of memory which may later then be accessed by the initial ':s' command. The user must intentionally execute the payload and the whole process is a bit tricky to do since it seems to work only reliably for the very first :s command. It may also cause a crash of Vim. Version 9.0.2121 contains a fix for this issue.
CWE-416 - Use After Free
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function 'ga_grow_inner' in in the file 'src/alloc.c' at line 748, which is freed in the file 'src/ex_docmd.c' in the function 'do_cmdline' at line 1010 and then used again in 'src/cmdhist.c' at line 759. When using the ':history' command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068.
4 (Medium)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.
8.8 (High)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
References
5 references
Acknowledgments
CERT@VDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination.",
"urls": [
"https://certvde.com"
]
}
],
"aggregate_severity": {
"namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "Multiple Linux component vulnerabilities fixed in latest PLCnext Firmware release 2024.0.6 LTS",
"title": "Summary"
},
{
"category": "description",
"text": "Availability, integrity, or confidentiality of the PLCnext Control might be compromised by attacks using these vulnerabilities.",
"title": "Impact"
},
{
"category": "description",
"text": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"title": "Remediation"
},
{
"category": "general",
"text": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our [application note](https://dam-mdc.phoenixcontact.com/asset/156443151564/0a870ae433c19148b80bd760f3a1c1f2/107913_en_03.pdf).",
"title": "General Recommendation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@phoenixcontact.com",
"name": "Phoenix Contact GmbH \u0026 Co. KG",
"namespace": "https://phoenixcontact.com/psirt"
},
"references": [
{
"category": "external",
"summary": "PCSA-2024/00017",
"url": "https://phoenixcontact.com/psirt"
},
{
"category": "external",
"summary": "Phoenix Contact advisory overview at CERT@VDE",
"url": "https://certvde.com/de/advisories/vendor/phoenixcontact/"
},
{
"category": "external",
"summary": "Phoenix Contact application note",
"url": "https://dam-mdc.phoenixcontact.com/asset/156443151564/0a870ae433c19148b80bd760f3a1c1f2/107913_en_03.pdf"
},
{
"category": "self",
"summary": "VDE-2024-073: Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware - HTML",
"url": "https://certvde.com/en/advisories/VDE-2024-073"
},
{
"category": "self",
"summary": "VDE-2024-073: Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware - CSAF",
"url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2024/vde-2024-073.json"
}
],
"source_lang": "en",
"title": "Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware",
"tracking": {
"aliases": [
"VDE-2024-073",
"PCSA-2024/00017"
],
"current_release_date": "2025-05-22T13:03:10.000Z",
"generator": {
"date": "2024-12-03T08:39:24.953Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.15"
}
},
"id": "VDE-2024-073",
"initial_release_date": "2024-12-09T11:00:00.000Z",
"revision_history": [
{
"date": "2024-12-09T11:00:00.000Z",
"number": "1",
"summary": "Initial"
},
{
"date": "2025-03-26T11:22:00.000Z",
"number": "2",
"summary": "Fixed publisher information. Removed the space after the version operator."
},
{
"date": "2025-05-22T13:03:10.000Z",
"number": "3",
"summary": "Fix: quotation mark"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "AXC F 1152",
"product": {
"name": "AXC F 1152",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"1151412"
]
}
}
},
{
"category": "product_name",
"name": "AXC F 2152",
"product": {
"name": "AXC F 2152",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"2404267"
]
}
}
},
{
"category": "product_name",
"name": "AXC F 3152",
"product": {
"name": "AXC F 3152",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"1069208"
]
}
}
},
{
"category": "product_name",
"name": "RFC 4072S",
"product": {
"name": "RFC 4072S",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
"1051328"
]
}
}
},
{
"category": "product_name",
"name": "RFC 4072R",
"product": {
"name": "RFC 4072R",
"product_id": "CSAFPID-11005",
"product_identification_helper": {
"model_numbers": [
"1136419"
]
}
}
},
{
"category": "product_name",
"name": "BPC 9102S",
"product": {
"name": "BPC 9102S",
"product_id": "CSAFPID-11011",
"product_identification_helper": {
"model_numbers": [
"1246285"
]
}
}
},
{
"category": "product_name",
"name": "EPC 1502",
"product": {
"name": "EPC 1502",
"product_id": "CSAFPID-11009",
"product_identification_helper": {
"model_numbers": [
"1185416"
]
}
}
},
{
"category": "product_name",
"name": "EPC 1522",
"product": {
"name": "EPC 1522",
"product_id": "CSAFPID-11010",
"product_identification_helper": {
"model_numbers": [
"1264328"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2024.0.6 LTS",
"product": {
"name": "Firmware \u003c2024.0.6 LTS",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version_range",
"name": "\u003c2024.0.3 LTS",
"product": {
"name": "Firmware \u003c2024.0.3 LTS",
"product_id": "CSAFPID-21003"
}
},
{
"category": "product_version",
"name": "2024.0.6 LTS",
"product": {
"name": "Firmware 2024.0.6 LTS",
"product_id": "CSAFPID-22001"
}
},
{
"category": "product_version",
"name": "2024.0.3 LTS",
"product": {
"name": "Firmware 2024.0.3 LTS",
"product_id": "CSAFPID-22002"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Phoenix Contact GmbH \u0026 Co. KG"
}
],
"product_groups": [
{
"group_id": "CSAFGID-61001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
],
"summary": "Affected Products."
},
{
"group_id": "CSAFGID-62001",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"summary": "Fixed Product."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2024.0.6 LTS installed on AXC F 1152",
"product_id": "CSAFPID-31001",
"product_identification_helper": {
"model_numbers": [
"1151412"
]
}
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2024.0.6 LTS installed on AXC F 1152",
"product_id": "CSAFPID-32001",
"product_identification_helper": {
"model_numbers": [
"1151412"
]
}
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2024.0.6 LTS installed on AXC F 2152",
"product_id": "CSAFPID-31002",
"product_identification_helper": {
"model_numbers": [
"2404267"
]
}
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2024.0.6 LTS installed on AXC F 2152",
"product_id": "CSAFPID-32002",
"product_identification_helper": {
"model_numbers": [
"2404267"
]
}
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2024.0.6 LTS installed on AXC F 3152",
"product_id": "CSAFPID-31004",
"product_identification_helper": {
"model_numbers": [
"1069208"
]
}
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2024.0.6 LTS installed on AXC F 3152",
"product_id": "CSAFPID-32004",
"product_identification_helper": {
"model_numbers": [
"1069208"
]
}
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2024.0.6 LTS installed on RFC 4072S",
"product_id": "CSAFPID-31005",
"product_identification_helper": {
"model_numbers": [
"1051328"
]
}
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2024.0.6 LTS installed on RFC 4072S",
"product_id": "CSAFPID-32005",
"product_identification_helper": {
"model_numbers": [
"1051328"
]
}
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2024.0.6 LTS installed on BPC 9102S",
"product_id": "CSAFPID-31007",
"product_identification_helper": {
"model_numbers": [
"1246285"
]
}
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2024.0.6 LTS installed on BPC 9102S",
"product_id": "CSAFPID-32007",
"product_identification_helper": {
"model_numbers": [
"1246285"
]
}
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2024.0.6 LTS installed on RFC 4072R",
"product_id": "CSAFPID-31008",
"product_identification_helper": {
"model_numbers": [
"1136419"
]
}
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2024.0.6 LTS installed on RFC 4072R",
"product_id": "CSAFPID-32008",
"product_identification_helper": {
"model_numbers": [
"1136419"
]
}
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2024.0.3 LTS installed on EPC 1502",
"product_id": "CSAFPID-31009",
"product_identification_helper": {
"model_numbers": [
"1185416"
]
}
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2024.0.3 LTS installed on EPC 1502",
"product_id": "CSAFPID-32009",
"product_identification_helper": {
"model_numbers": [
"1185416"
]
}
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2024.0.3 LTS installed on EPC 1522",
"product_id": "CSAFPID-31010",
"product_identification_helper": {
"model_numbers": [
"1264328"
]
}
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2024.0.3 LTS installed on EPC 1522",
"product_id": "CSAFPID-32010",
"product_identification_helper": {
"model_numbers": [
"1264328"
]
}
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11010"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-38039",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"notes": [
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-38039](https://nvd.nist.gov/vuln/detail/CVE-2023-38039)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "When curl retrieves an HTTP response, it stores the incoming headers so that\nthey can be accessed later via the libcurl headers API.\n\nHowever, curl did not have a limit in how many or how large headers it would\naccept in a response, allowing a malicious server to stream an endless series\nof headers and eventually cause curl to run out of heap memory.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-38039"
},
{
"cve": "CVE-2023-46219",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "When saving HSTS data to an excessively long file name, curl could end up\nremoving all contents, making subsequent requests using that file unaware of\nthe HSTS status they should otherwise use.\n",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-46219"
},
{
"cve": "CVE-2023-46218",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"notes": [
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl\u0027s function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with \u0027domain=co.UK\u0027 when the URL used a lower\ncase hostname \u0027curl.co.uk\u0027, even though \u0027co.uk\u0027 is listed as a PSL domain.\n",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-46218"
},
{
"cve": "CVE-2023-38545",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-38545](https://nvd.nist.gov/vuln/detail/CVE-2023-38545)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.\n",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-38545"
},
{
"cve": "CVE-2023-38546",
"cwe": {
"id": "CWE-73",
"name": "External Control of File Name or Path"
},
"notes": [
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "This flaw allows an attacker to insert cookies at will into a running program\nusing libcurl, if the specific series of conditions are met.\n\nlibcurl performs transfers. In its API, an application creates \"easy handles\"\nthat are the individual handles for single transfers.\n\nlibcurl provides a function call that duplicates en easy handle called\n[curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html).\n\nIf a transfer has cookies enabled when the handle is duplicated, the\ncookie-enable state is also cloned - but without cloning the actual\ncookies. If the source handle did not read any cookies from a specific file on\ndisk, the cloned version of the handle would instead store the file name as\n\u0027none\u0027 (using the four ASCII letters, no quotes).\n\nSubsequent use of the cloned handle that does not explicitly set a source to\nload cookies from would then inadvertently load cookies from a file named\n\u0027none\u0027 - if such a file exists and is readable in the current directory of the\nprogram using libcurl. And if using the correct file format of course.\n",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"environmentalScore": 3.7,
"environmentalSeverity": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 3.7,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-38546"
},
{
"cve": "CVE-2023-34969",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"notes": [
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-34969](https://nvd.nist.gov/vuln/detail/CVE-2023-34969)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-34969"
},
{
"cve": "CVE-2022-42010",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"notes": [
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2022-42010](https://nvd.nist.gov/vuln/detail/CVE-2022-42010)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2022-42010"
},
{
"cve": "CVE-2022-42011",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2022-42011](https://nvd.nist.gov/vuln/detail/CVE-2022-42011)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2022-42011"
},
{
"cve": "CVE-2022-42012",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2022-42012](https://nvd.nist.gov/vuln/detail/CVE-2022-42012)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2022-42012"
},
{
"cve": "CVE-2022-48554",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2022-48554](https://nvd.nist.gov/vuln/detail/CVE-2022-48554)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2022-48554"
},
{
"cve": "CVE-2023-29499",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Gvariant offset table entry size is not checked in is_normal()",
"title": "Summary"
},
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-29499](https://nvd.nist.gov/vuln/detail/CVE-2023-29499)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-29499"
},
{
"cve": "CVE-2023-32636",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-32636](https://nvd.nist.gov/vuln/detail/CVE-2023-32636)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 4.7,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 4.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-32636"
},
{
"cve": "CVE-2023-32643",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-32643](https://nvd.nist.gov/vuln/detail/CVE-2023-32643)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE-2023-32665.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-32643"
},
{
"cve": "CVE-2023-32611",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "G_variant_byteswap() can take a long time with some non-normal inputs",
"title": "Summary"
},
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-32611](https://nvd.nist.gov/vuln/detail/CVE-2023-32611)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-32611"
},
{
"cve": "CVE-2023-32665",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Gvariant deserialisation does not match spec for non-normal data",
"title": "Summary"
},
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-32665](https://nvd.nist.gov/vuln/detail/CVE-2023-32665)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-32665"
},
{
"cve": "CVE-2023-5156",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Glibc: dos due to memory leak in getaddrinfo.c",
"title": "Summary"
},
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-5156](https://nvd.nist.gov/vuln/detail/CVE-2023-5156)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-5156"
},
{
"cve": "CVE-2023-4911",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Glibc: buffer overflow in ld.so leading to privilege escalation",
"title": "Summary"
},
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-4911](https://nvd.nist.gov/vuln/detail/CVE-2023-4911)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "A buffer overflow was discovered in the GNU C Library\u0027s dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-4911"
},
{
"cve": "CVE-2024-0553",
"cwe": {
"id": "CWE-203",
"name": "Observable Discrepancy"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Gnutls: incomplete fix for cve-2023-5981",
"title": "Summary"
},
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2024-0553](https://nvd.nist.gov/vuln/detail/CVE-2024-0553)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2024-0553"
},
{
"cve": "CVE-2024-0567",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Gnutls: rejects certificate chain with distributed trust",
"title": "Summary"
},
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2024-0567](https://nvd.nist.gov/vuln/detail/CVE-2024-0567)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2024-0567"
},
{
"cve": "CVE-2023-33953",
"cwe": {
"id": "CWE-834",
"name": "Excessive Iteration"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Denial-of-Service in gRPC",
"title": "Summary"
},
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-33953](https://nvd.nist.gov/vuln/detail/CVE-2023-33953)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks:\n\n- Unbounded memory buffering in the HPACK parser\n- Unbounded CPU consumption in the HPACK parser\n\nThe unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client.\n\nThe unbounded memory buffering bugs:\n\n- The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb.\n- HPACK varints have an encoding quirk whereby an infinite number of 0\u0027s can be added at the start of an integer. gRPC\u0027s hpack parser needed to read all of them before concluding a parse.\n- gRPC\u0027s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1 CONTINUATION: containing a: 2 CONTINUATION: containing a: 3 etc\u2026",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-33953"
},
{
"cve": "CVE-2023-32731",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Information leak in gRPC",
"title": "Summary"
},
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-32731](https://nvd.nist.gov/vuln/detail/CVE-2023-32731)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in https://github.com/grpc/grpc/pull/33005 https://github.com/grpc/grpc/pull/33005 \n",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.4,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.4,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-32731"
},
{
"cve": "CVE-2023-32732",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Denial-of-Service in gRPC",
"title": "Summary"
},
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-32732](https://nvd.nist.gov/vuln/detail/CVE-2023-32732)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for \u0027-bin\u0027 suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in https://github.com/grpc/grpc/pull/32309 https://www.google.com/url \n",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-32732"
},
{
"cve": "CVE-2023-4785",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Denial of Service in gRPC Core ",
"title": "Summary"
},
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-4785](https://nvd.nist.gov/vuln/detail/CVE-2023-4785)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "Lack of error handling in the TCP server in Google\u0027s gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected. ",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-4785"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-2603",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-2603](https://nvd.nist.gov/vuln/detail/CVE-2023-2603)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-2603"
},
{
"cve": "CVE-2023-6004",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Libssh: proxycommand/proxyjump features allow injection of malicious code through hostname",
"title": "Summary"
},
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-6004](https://nvd.nist.gov/vuln/detail/CVE-2023-6004)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 4.8,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 4.8,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-6004"
},
{
"cve": "CVE-2023-26551",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-26551](https://nvd.nist.gov/vuln/detail/CVE-2023-26551)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp\u003ccpdec while loop. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.6,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-26551"
},
{
"cve": "CVE-2023-26552",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-26552](https://nvd.nist.gov/vuln/detail/CVE-2023-26552)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.6,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-26552"
},
{
"cve": "CVE-2023-26553",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-26553](https://nvd.nist.gov/vuln/detail/CVE-2023-26553)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.6,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-26553"
},
{
"cve": "CVE-2023-26554",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-26554](https://nvd.nist.gov/vuln/detail/CVE-2023-26554)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a \u0027\\0\u0027 character. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.6,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-26554"
},
{
"cve": "CVE-2023-26555",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-26555](https://nvd.nist.gov/vuln/detail/CVE-2023-26555)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 6.4,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.4,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-26555"
},
{
"cve": "CVE-2022-29900",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"notes": [
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2022-29900](https://nvd.nist.gov/vuln/detail/CVE-2022-29900)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
{
"cvss_v2": {
"baseScore": 2.1,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2022-29900"
},
{
"cve": "CVE-2022-29901",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Arbitrary Memory Disclosure through CPU Side-Channel Attacks (Retbleed)",
"title": "Summary"
},
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2022-29901](https://nvd.nist.gov/vuln/detail/CVE-2022-29901)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 5.6,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"temporalScore": 5.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2022-29901"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"notes": [
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.9,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.9,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2023-51384",
"cwe": {
"id": "CWE-304",
"name": "Missing Critical Step in Authentication"
},
"notes": [
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-51384](https://nvd.nist.gov/vuln/detail/CVE-2023-51384)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-51384"
},
{
"cve": "CVE-2023-51385",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-51385](https://nvd.nist.gov/vuln/detail/CVE-2023-51385)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-51385"
},
{
"cve": "CVE-2023-5363",
"cwe": {
"id": "CWE-684",
"name": "Incorrect Provision of Specified Functionality"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Incorrect cipher key \u0026 IV length processing",
"title": "Summary"
},
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-5363](https://nvd.nist.gov/vuln/detail/CVE-2023-5363)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "Issue summary: A bug has been identified in the processing of key and\ninitialisation vector (IV) lengths. This can lead to potential truncation\nor overruns during the initialisation of some symmetric ciphers.\n\nImpact summary: A truncation in the IV can result in non-uniqueness,\nwhich could result in loss of confidentiality for some cipher modes.\n\nWhen calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or\nEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after\nthe key and IV have been established. Any alterations to the key length,\nvia the \"keylen\" parameter or the IV length, via the \"ivlen\" parameter,\nwithin the OSSL_PARAM array will not take effect as intended, potentially\ncausing truncation or overreading of these values. The following ciphers\nand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.\n\nFor the CCM, GCM and OCB cipher modes, truncation of the IV can result in\nloss of confidentiality. For example, when following NIST\u0027s SP 800-38D\nsection 8.2.1 guidance for constructing a deterministic IV for AES in\nGCM mode, truncation of the counter portion could lead to IV reuse.\n\nBoth truncations and overruns of the key and overruns of the IV will\nproduce incorrect results and could, in some cases, trigger a memory\nexception. However, these issues are not currently assessed as security\ncritical.\n\nChanging the key and/or IV lengths is not considered to be a common operation\nand the vulnerable API was recently introduced. Furthermore it is likely that\napplication developers will have spotted this problem during testing since\ndecryption would fail unless both peers in the communication were similarly\nvulnerable. For these reasons we expect the probability of an application being\nvulnerable to this to be quite low. However if an application is vulnerable then\nthis issue is considered very serious. For these reasons we have assessed this\nissue as Moderate severity overall.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because\nthe issue lies outside of the FIPS provider boundary.\n\nOpenSSL 3.1 and 3.0 are vulnerable to this issue.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-5363"
},
{
"cve": "CVE-2023-4807",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "POLY1305 MAC implementation corrupts XMM registers on Windows",
"title": "Summary"
},
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-4807](https://nvd.nist.gov/vuln/detail/CVE-2023-4807)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "Issue summary: The POLY1305 MAC (message authentication code) implementation\ncontains a bug that might corrupt the internal state of applications on the\nWindows 64 platform when running on newer X86_64 processors supporting the\nAVX512-IFMA instructions.\n\nImpact summary: If in an application that uses the OpenSSL library an attacker\ncan influence whether the POLY1305 MAC algorithm is used, the application\nstate might be corrupted with various application dependent consequences.\n\nThe POLY1305 MAC (message authentication code) implementation in OpenSSL does\nnot save the contents of non-volatile XMM registers on Windows 64 platform\nwhen calculating the MAC of data larger than 64 bytes. Before returning to\nthe caller all the XMM registers are set to zero rather than restoring their\nprevious content. The vulnerable code is used only on newer x86_64 processors\nsupporting the AVX512-IFMA instructions.\n\nThe consequences of this kind of internal application state corruption can\nbe various - from no consequences, if the calling application does not\ndepend on the contents of non-volatile XMM registers at all, to the worst\nconsequences, where the attacker could get complete control of the application\nprocess. However given the contents of the registers are just zeroized so\nthe attacker cannot put arbitrary values inside, the most likely consequence,\nif any, would be an incorrect result of some application dependent\ncalculations or a crash leading to a denial of service.\n\nThe POLY1305 MAC algorithm is most frequently used as part of the\nCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)\nalgorithm. The most common usage of this AEAD cipher is with TLS protocol\nversions 1.2 and 1.3 and a malicious client can influence whether this AEAD\ncipher is used by the server. This implies that server applications using\nOpenSSL can be potentially impacted. However we are currently not aware of\nany concrete application that would be affected by this issue therefore we\nconsider this a Low severity security issue.\n\nAs a workaround the AVX512-IFMA instructions support can be disabled at\nruntime by setting the environment variable OPENSSL_ia32cap:\n\n OPENSSL_ia32cap=:~0x200000\n\nThe FIPS provider is not affected by this issue.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-4807"
},
{
"cve": "CVE-2023-3817",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Excessive time spent checking DH q parameter value",
"title": "Summary"
},
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-3817](https://nvd.nist.gov/vuln/detail/CVE-2023-3817)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. After fixing\nCVE-2023-3446 it was discovered that a large q parameter value can also trigger\nan overly long computation during some of these checks. A correct q value,\nif present, cannot be larger than the modulus p parameter, thus it is\nunnecessary to perform these checks if q is larger than p.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulnerable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the \"-check\" option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-3817"
},
{
"cve": "CVE-2023-47100",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-47100](https://nvd.nist.gov/vuln/detail/CVE-2023-47100)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \\p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-47100"
},
{
"cve": "CVE-2022-40897",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"notes": [
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2022-40897](https://nvd.nist.gov/vuln/detail/CVE-2022-40897)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.9,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.9,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2022-40897"
},
{
"cve": "CVE-2023-40217",
"cwe": {
"id": "CWE-305",
"name": "Authentication Bypass by Primary Weakness"
},
"notes": [
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-40217](https://nvd.nist.gov/vuln/detail/CVE-2023-40217)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as \"not connected\" and won\u0027t initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-40217"
},
{
"cve": "CVE-2023-4016",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-4016](https://nvd.nist.gov/vuln/detail/CVE-2023-4016)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "Under some circumstances, this weakness allows a user who has access to run the \u0027ps\u0027 utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"environmentalScore": 2.5,
"environmentalSeverity": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 2.5,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-4016"
},
{
"cve": "CVE-2023-7104",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "SQLite SQLite3 make alltest sqlite3session.c sessionReadRecord heap-based overflow",
"title": "Summary"
},
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-7104](https://nvd.nist.gov/vuln/detail/CVE-2023-7104)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
{
"cvss_v2": {
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-7104"
},
{
"cve": "CVE-2021-41072",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2021-41072](https://nvd.nist.gov/vuln/detail/CVE-2021-41072)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 8.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.1,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
{
"cvss_v2": {
"baseScore": 5.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2021-41072"
},
{
"cve": "CVE-2023-42465",
"cwe": {
"id": "CWE-1319",
"name": "Improper Protection against Electromagnetic Fault Injection (EM-FI)"
},
"notes": [
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-42465](https://nvd.nist.gov/vuln/detail/CVE-2023-42465)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-42465"
},
{
"cve": "CVE-2023-5441",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "NULL Pointer Dereference in vim/vim",
"title": "Summary"
},
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-5441](https://nvd.nist.gov/vuln/detail/CVE-2023-5441)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.2,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-5441"
},
{
"cve": "CVE-2023-5344",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Heap-based Buffer Overflow in vim/vim",
"title": "Summary"
},
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-5344](https://nvd.nist.gov/vuln/detail/CVE-2023-5344)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 4,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 4,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-5344"
},
{
"cve": "CVE-2023-5535",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Use After Free in vim/vim",
"title": "Summary"
},
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-5535](https://nvd.nist.gov/vuln/detail/CVE-2023-5535)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "Use After Free in GitHub repository vim/vim prior to v9.0.2010.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-5535"
},
{
"cve": "CVE-2023-4781",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Heap-based Buffer Overflow in vim/vim",
"title": "Summary"
},
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-4781](https://nvd.nist.gov/vuln/detail/CVE-2023-4781)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-4781"
},
{
"cve": "CVE-2023-4734",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Integer Overflow or Wraparound in vim/vim",
"title": "Summary"
},
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-4734](https://nvd.nist.gov/vuln/detail/CVE-2023-4734)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-4734"
},
{
"cve": "CVE-2023-4733",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Use After Free in vim/vim",
"title": "Summary"
},
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-4733](https://nvd.nist.gov/vuln/detail/CVE-2023-4733)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "Use After Free in GitHub repository vim/vim prior to 9.0.1840.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.3,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.3,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-4733"
},
{
"cve": "CVE-2023-4736",
"cwe": {
"id": "CWE-426",
"name": "Untrusted Search Path"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Untrusted Search Path in vim/vim",
"title": "Summary"
},
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-4736](https://nvd.nist.gov/vuln/detail/CVE-2023-4736)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-4736"
},
{
"cve": "CVE-2023-4735",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Out-of-bounds Write in vim/vim",
"title": "Summary"
},
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-4735](https://nvd.nist.gov/vuln/detail/CVE-2023-4735)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 4.8,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 4.8,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-4735"
},
{
"cve": "CVE-2023-4750",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Use After Free in vim/vim",
"title": "Summary"
},
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-4750](https://nvd.nist.gov/vuln/detail/CVE-2023-4750)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "Use After Free in GitHub repository vim/vim prior to 9.0.1857.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-4750"
},
{
"cve": "CVE-2023-4738",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Heap-based Buffer Overflow in vim/vim",
"title": "Summary"
},
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-4738](https://nvd.nist.gov/vuln/detail/CVE-2023-4738)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-4738"
},
{
"cve": "CVE-2023-4752",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Use After Free in vim/vim",
"title": "Summary"
},
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-4752](https://nvd.nist.gov/vuln/detail/CVE-2023-4752)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "Use After Free in GitHub repository vim/vim prior to 9.0.1858.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-4752"
},
{
"cve": "CVE-2023-4751",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Heap-based Buffer Overflow in vim/vim",
"title": "Summary"
},
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-4751](https://nvd.nist.gov/vuln/detail/CVE-2023-4751)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-4751"
},
{
"cve": "CVE-2023-48231",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Use-After-Free in win_close() in vim",
"title": "Summary"
},
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. This issue has been addressed in commit \u002725aabc2b\u0027 which has been included in release version 9.0.2106. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"environmentalScore": 3.9,
"environmentalSeverity": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 3.9,
"temporalSeverity": "LOW",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-48231"
},
{
"cve": "CVE-2023-48237",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "overflow in shift_line in vim",
"title": "Summary"
},
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "Vim is an open source command line text editor. In affected versions when shifting lines in operator pending mode and using a very large value, it may be possible to overflow the size of integer. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit \u00276bf131888\u0027 which has been included in version 9.0.2112. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"environmentalScore": 2.8,
"environmentalSeverity": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 2.8,
"temporalSeverity": "LOW",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-48237"
},
{
"cve": "CVE-2023-48706",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Vim has heap-use-after-free at /src/charset.c:1770:12 in skipwhite",
"title": "Summary"
},
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a \u0027:s\u0027 command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive \u0027:s\u0027 call causes free-ing of memory which may later then be accessed by the initial \u0027:s\u0027 command. The user must intentionally execute the payload and the whole process is a bit tricky to do since it seems to work only reliably for the very first :s command. It may also cause a crash of Vim. Version 9.0.2121 contains a fix for this issue.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"environmentalScore": 3.6,
"environmentalSeverity": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 3.6,
"temporalSeverity": "LOW",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-48706"
},
{
"cve": "CVE-2023-46246",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Integer Overflow in :history command in Vim",
"title": "Summary"
},
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function \u0027ga_grow_inner\u0027 in in the file \u0027src/alloc.c\u0027 at line 748, which is freed in the file \u0027src/ex_docmd.c\u0027 in the function \u0027do_cmdline\u0027 at line 1010 and then used again in \u0027src/cmdhist.c\u0027 at line 759. When using the \u0027:history\u0027 command, it\u0027s possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068.\n",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 4,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 4,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-46246"
},
{
"cve": "CVE-2023-45853",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2023-45853](https://nvd.nist.gov/vuln/detail/CVE-2023-45853)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2023-45853"
}
]
}
WID-SEC-W-2023-3174
Vulnerability from csaf_certbund - Published: 2023-12-18 23:00 - Updated: 2026-01-25 23:00Summary
SSH Protokoll: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: OpenSSH ist eine Open Source Implementierung des Secure Shell Protokolls.
PuTTY ist ein freier, Open Source Terminal Emulator der als Client für SSH, Telnet, rlogin und die Serielle Konsole dient.
libssh ist eine C Bibliothek für das Anbieten von SSH Diensten auf Client- und Serverseite. Sie kann genutzt werden, um aus der Ferne Programme auszuführen, Dateien zu übertragen oder als sicherer und transparenter Tunnel für entfernte Programme genutzt werden.
Amazon Linux ist eine Linux Distribition, die für Amazon Clouddienste optimiert ist.
Fedora ist eine von Red Hat abstammende Linux-Distribution.
Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle im SSH Protokoll ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme: - Appliance
- Hardware Appliance
- Linux
- Sonstiges
- UNIX
- Windows
Affected products
Known affected
89 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker vProxy OVA <19.9.0.5
Dell / NetWorker
|
vProxy OVA <19.9.0.5 | ||
|
IBM Business Automation Workflow 23.0.1
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:23.0.1
|
23.0.1 | |
|
Fortinet FortiOS 7.4
Fortinet / FortiOS
|
cpe:/o:fortinet:fortios:7.4
|
7.4 | |
|
Fortinet FortiOS 7.2
Fortinet / FortiOS
|
cpe:/o:fortinet:fortios:7.2
|
7.2 | |
|
IBM Security Verify Access <11.0.2
IBM / Security Verify Access
|
<11.0.2 | ||
|
Open Source Gitea <1.21.3
Open Source / Gitea
|
<1.21.3 | ||
|
Open Source Dropbear SSH
Open Source / Dropbear SSH
|
cpe:/a:dropbear_ssh_project:dropbear_ssh:-
|
— | |
|
Jenkins Jenkins LTS <2.440.3
Jenkins / Jenkins
|
LTS <2.440.3 | ||
|
Jenkins Jenkins <2.452
Jenkins / Jenkins
|
<2.452 | ||
|
Palo Alto Networks PAN-OS
Palo Alto Networks
|
cpe:/o:paloaltonetworks:pan-os:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <8.0.1
Red Hat / JBoss Enterprise Application Platform
|
<8.0.1 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
IBM AIX 7.3
IBM / AIX
|
cpe:/o:ibm:aix:7.3
|
7.3 | |
|
IBM SAN Volume Controller
IBM
|
cpe:/a:ibm:san_volume_controller:-
|
— | |
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Security Guardium 12.0
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:12.0
|
12 | |
|
Aruba EdgeConnect
Aruba
|
cpe:/a:aruba:edgeconnect:-
|
— | |
|
Siemens SIMATIC S7 1500 CPU
Siemens / SIMATIC S7
|
cpe:/h:siemens:simatic_s7:1500_cpu
|
1500 CPU | |
|
NetApp Data ONTAP
NetApp
|
cpe:/a:netapp:data_ontap:9
|
— | |
|
Dell integrated Dell Remote Access Controller iDRAC 9 <7.00.00.171
Dell / integrated Dell Remote Access Controller
|
iDRAC 9 <7.00.00.171 | ||
|
Fortinet FortiOS 7.0
Fortinet / FortiOS
|
cpe:/o:fortinet:fortios:7.0
|
7 | |
|
Meinberg LANTIME <7.08.007
Meinberg / LANTIME
|
<7.08.007 | ||
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
LANCOM LCOS SX 5.20
LANCOM / LCOS
|
cpe:/o:lancom:lcos:sx_5.20
|
SX 5.20 | |
|
LANCOM LCOS FX
LANCOM / LCOS
|
cpe:/o:lancom:lcos:fx
|
FX | |
|
IBM AIX 7.2
IBM / AIX
|
cpe:/o:ibm:aix:7.2
|
7.2 | |
|
IBM VIOS 3.1
IBM / VIOS
|
cpe:/a:ibm:vios:3.1
|
3.1 | |
|
Dell NetWorker <19.11.0.5
Dell / NetWorker
|
<19.11.0.5 | ||
|
Citrix Systems Hypervisor 8.2
Citrix Systems / Hypervisor
|
cpe:/o:citrix:hypervisor:8.2
|
8.2 | |
|
IBM VIOS 4.1
IBM / VIOS
|
cpe:/a:ibm:vios:4.1
|
4.1 | |
|
Moxa Switch MDS-G4028-L3 Series
Moxa / Switch
|
cpe:/h:moxa:switch:mds-g4028-l3_series
|
MDS-G4028-L3 Series | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Aruba Switch
Aruba / Switch
|
cpe:/h:arubanetworks:switch:-
|
— | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Red Hat OpenShift Container Platform <4.14.35
Red Hat / OpenShift
|
Container Platform <4.14.35 | ||
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
IBM Storwize
IBM
|
cpe:/a:ibm:storwize:-
|
— | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
LANCOM LCOS LX
LANCOM / LCOS
|
cpe:/o:lancom:lcos:lx
|
LX | |
|
Dell NetWorker Virtual Edition <19.13
Dell / NetWorker
|
Virtual Edition <19.13 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
LANCOM LCOS
LANCOM / LCOS
|
cpe:/o:lancom:lcos:-
|
— | |
|
Open Source DBeaver <25.1.2
Open Source / DBeaver
|
<25.1.2 | ||
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 | ||
|
IBM Business Automation Workflow 22.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.2
|
22.0.2 | |
|
LANCOM LCOS SX 4.20
LANCOM / LCOS
|
cpe:/o:lancom:lcos:sx_4.20
|
SX 4.20 | |
|
Golang Go
Golang
|
cpe:/a:golang:go:-
|
— | |
|
Juniper JUNOS <19.4R3-S13
Juniper / JUNOS
|
<19.4R3-S13 | ||
|
Open Source libssh <0.9.8
Open Source / libssh
|
<0.9.8 | ||
|
Juniper JUNOS <20.4R3-S10
Juniper / JUNOS
|
<20.4R3-S10 | ||
|
Open Source libssh <0.10.6
Open Source / libssh
|
<0.10.6 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
FreeBSD Project FreeBSD OS
FreeBSD Project
|
cpe:/o:freebsd:freebsd:-
|
— | |
|
Moxa Switch EDS-G512E
Moxa / Switch
|
cpe:/h:moxa:switch:eds-g512e
|
EDS-G512E | |
|
NetApp FAS
NetApp
|
cpe:/h:netapp:fas:-
|
— | |
|
Dell NetWorker virtual
Dell / NetWorker
|
cpe:/a:dell:networker:virtual
|
virtual | |
|
Dell ECS <3.8.1.1
Dell / ECS
|
<3.8.1.1 | ||
|
IBM QRadar SIEM <7.5.0 UP10 IF01
IBM / QRadar SIEM
|
<7.5.0 UP10 IF01 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Dell NetWorker <19.13
Dell / NetWorker
|
<19.13 | ||
|
Red Hat JBoss Enterprise Application Platform 7.4
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.4
|
7.4 | |
|
Open Source OpenSSH <9.6
Open Source / OpenSSH
|
<9.6 | ||
|
IBM FlashSystem
IBM
|
cpe:/a:ibm:flashsystem:-
|
— | |
|
Open Source PuTTY <0.80
Open Source / PuTTY
|
<0.80 | ||
|
IBM Power Hardware Management Console v10
IBM / Power Hardware Management Console
|
cpe:/a:ibm:hardware_management_console:v10
|
v10 | |
|
Open Source Dropbear SSH <2024.84
Open Source / Dropbear SSH
|
<2024.84 | ||
|
Dell integrated Dell Remote Access Controller iDRAC 8 <2.86.86.86
Dell / integrated Dell Remote Access Controller
|
iDRAC 8 <2.86.86.86 | ||
|
Red Hat JBoss Enterprise Application Platform <7.4.16
Red Hat / JBoss Enterprise Application Platform
|
<7.4.16 | ||
|
Juniper JUNOS <22.1R3-S5
Juniper / JUNOS
|
<22.1R3-S5 | ||
|
Juniper JUNOS <22.2R3-S3
Juniper / JUNOS
|
<22.2R3-S3 | ||
|
Splunk Splunk Enterprise <9.3.1
Splunk / Splunk Enterprise
|
<9.3.1 | ||
|
Splunk Splunk Enterprise <9.2.3
Splunk / Splunk Enterprise
|
<9.2.3 | ||
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Juniper JUNOS <21.4R3-S6
Juniper / JUNOS
|
<21.4R3-S6 | ||
|
Splunk Splunk Enterprise <9.1.6
Splunk / Splunk Enterprise
|
<9.1.6 | ||
|
Juniper JUNOS <23.4R2
Juniper / JUNOS
|
<23.4R2 | ||
|
IBM SPSS Collaboration and Deployment Services 8.5
IBM / SPSS
|
cpe:/a:ibm:spss:collaboration_and_deployment_services_8.5
|
Collaboration and Deployment Services 8.5 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Juniper JUNOS <24.1R1
Juniper / JUNOS
|
<24.1R1 | ||
|
IBM Business Automation Workflow 23.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:23.0.2
|
23.0.2 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Juniper JUNOS <22.4R3-S1
Juniper / JUNOS
|
<22.4R3-S1 | ||
|
QNAP NAS
QNAP
|
cpe:/h:qnap:nas:-
|
— | |
|
Juniper JUNOS <23.2R2
Juniper / JUNOS
|
<23.2R2 | ||
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Aruba Switch
Aruba / Switch
|
cpe:/h:arubanetworks:switch:aos-cx
|
— |
References
211 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "OpenSSH ist eine Open Source Implementierung des Secure Shell Protokolls.\r\nPuTTY ist ein freier, Open Source Terminal Emulator der als Client f\u00fcr SSH, Telnet, rlogin und die Serielle Konsole dient.\r\nlibssh ist eine C Bibliothek f\u00fcr das Anbieten von SSH Diensten auf Client- und Serverseite. Sie kann genutzt werden, um aus der Ferne Programme auszuf\u00fchren, Dateien zu \u00fcbertragen oder als sicherer und transparenter Tunnel f\u00fcr entfernte Programme genutzt werden.\r\nAmazon Linux ist eine Linux Distribition, die f\u00fcr Amazon Clouddienste optimiert ist.\r\nFedora ist eine von Red Hat abstammende Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle im SSH Protokoll ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Appliance\n- Hardware Appliance\n- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-3174 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3174.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-3174 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3174"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2023-12-18",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795"
},
{
"category": "external",
"summary": "Amazon Linux 1 Security Advisory vom 2023-12-18",
"url": "https://alas.aws.amazon.com/ALAS-2023-1898.html"
},
{
"category": "external",
"summary": "Amazon Linux 2 Security Advisory vom 2023-12-18",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2376.html"
},
{
"category": "external",
"summary": "Fedora Advisory vom 2023-12-18",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-0733306be9"
},
{
"category": "external",
"summary": "Fedora Advisory vom 2023-12-18",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-d296850e7e"
},
{
"category": "external",
"summary": "Putty Latest News vom 2023-12-18",
"url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/"
},
{
"category": "external",
"summary": "SUSE CVE-2023-48795",
"url": "https://www.suse.com/security/cve/CVE-2023-48795.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6561-1 vom 2023-12-19",
"url": "https://www.cybersecurity-help.cz/vdb/SB2023121948"
},
{
"category": "external",
"summary": "FreeBSD Security Advisory FREEBSD-SA-23:19.OPENSSH vom 2023-12-19",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:19.openssh.asc"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6560-1 vom 2023-12-19",
"url": "https://www.cybersecurity-help.cz/vdb/SB2023121949"
},
{
"category": "external",
"summary": "FreeBSD Security Advisory FREEBSD-SA-23:19.OPENSSH vom 2023-12-19",
"url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275845"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6561-1 vom 2023-12-19",
"url": "https://ubuntu.com/security/notices/USN-6561-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6560-1 vom 2023-12-19",
"url": "https://ubuntu.com/security/notices/USN-6560-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4905-1 vom 2023-12-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017491.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4904-1 vom 2023-12-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017492.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4903-1 vom 2023-12-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017493.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4902-1 vom 2023-12-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017494.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-CB8C606FBB vom 2023-12-20",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-cb8c606fbb"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-20FEB865D8 vom 2023-12-20",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-20feb865d8"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2023-7FF32FC746 vom 2023-12-20",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-7ff32fc746"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-153404713B vom 2023-12-21",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-153404713b"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-B87EC6CF47 vom 2023-12-21",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-b87ec6cf47"
},
{
"category": "external",
"summary": "Gitea Release Notes",
"url": "https://blog.gitea.com/release-of-1.21.3/"
},
{
"category": "external",
"summary": "Golang Announce Mailing List vom 2023-12-18",
"url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-7141950083 vom 2023-12-21",
"url": "https://www.cybersecurity-help.cz/vdb/SB2023122119"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-7934EFB5E3 vom 2023-12-21",
"url": "https://www.cybersecurity-help.cz/vdb/SB2023122122"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2023-B698D8C031 vom 2023-12-21",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-b698d8c031"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4946-1 vom 2023-12-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017514.html"
},
{
"category": "external",
"summary": "LANCOM Allgemeine Sicherheitshinweise vom 2023-12-21",
"url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5588 vom 2023-12-24",
"url": "https://www.debian.org/security/2023/dsa-5588"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5588 vom 2023-12-24",
"url": "https://lists.debian.org/debian-security-announce/2023/msg00285.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3694 vom 2023-12-26",
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5586 vom 2023-12-22",
"url": "https://lists.debian.org/debian-security-announce/2023/msg00283.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-55800423A8 vom 2023-12-23",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-55800423a8"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202312-16 vom 2023-12-28",
"url": "https://security.gentoo.org/glsa/202312-16"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202312-17 vom 2023-12-28",
"url": "https://security.gentoo.org/glsa/202312-17"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5591 vom 2023-12-28",
"url": "https://lists.debian.org/debian-security-announce/2023/msg00288.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-0355346550 vom 2023-12-31",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-0355346550"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2024-F0D88B447F vom 2024-01-03",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-f0d88b447f"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-39A8C72EA9 vom 2024-01-02",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-39a8c72ea9"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-71C2C6526C vom 2024-01-03",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-71c2c6526c"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-D946B9AD25 vom 2024-01-03",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-d946b9ad25"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0006-1 vom 2024-01-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017579.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2024-B45B6EADA5 vom 2024-01-02",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-b45b6eada5"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2024-155A6AC298 vom 2024-01-03",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-155a6ac298"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2024-3A29F0D349 vom 2024-01-03",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-3a29f0d349"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-3BB23C77F3 vom 2024-01-03",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-3bb23c77f3"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-06EBB70BDD vom 2024-01-03",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-06ebb70bdd"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0035-1 vom 2024-01-05",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017588.html"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20240105-0004 vom 2024-01-05",
"url": "https://security.netapp.com/advisory/ntap-20240105-0004/"
},
{
"category": "external",
"summary": "Palo Alto Networks Security Advisory PAN-241547 vom 2024-01-09",
"url": "https://security.paloaltonetworks.com/CVE-2023-48795"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-48AA5F1DAE vom 2024-01-08",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-48aa5f1dae"
},
{
"category": "external",
"summary": "FortiGuard Labs PSIRT Advisory FG-IR-23-490 vom 2024-01-09",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-490"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-2705241461 vom 2024-01-09",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-2705241461"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-7B08207CDB vom 2024-01-09",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-7b08207cdb"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-AE653FB07B vom 2024-01-09",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-ae653fb07b"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-FB32950D11 vom 2024-01-09",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-fb32950d11"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2024-8D101D5E22 vom 2024-01-09",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-8d101d5e22"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2024-E21A9204D2 vom 2024-01-09",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-e21a9204d2"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-0D8D3B8DCC vom 2024-01-09",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-0d8d3b8dcc"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-7E301327C2 vom 2024-01-10",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-7e301327c2"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5599 vom 2024-01-12",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00006.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5601 vom 2024-01-12",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00008.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6560-2 vom 2024-01-11",
"url": "https://ubuntu.com/security/notices/USN-6560-2"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5600 vom 2024-01-12",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00007.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6585-1 vom 2024-01-15",
"url": "https://ubuntu.com/security/notices/USN-6585-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6589-1 vom 2024-01-18",
"url": "https://www.cybersecurity-help.cz/vdb/SB2024011853"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0140-1 vom 2024-01-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017678.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6589-1 vom 2024-01-18",
"url": "https://ubuntu.com/security/notices/USN-6589-1"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2024-11C0B9B06A vom 2024-01-21",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-11c0b9b06a"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-3FD1BC9276 vom 2024-01-21",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-3fd1bc9276"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-A53B24023D vom 2024-01-21",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-a53b24023d"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3719 vom 2024-01-25",
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0210-1 vom 2024-01-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017749.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3718 vom 2024-01-25",
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0455 vom 2024-01-25",
"url": "https://access.redhat.com/errata/RHSA-2024:0455"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6598-1 vom 2024-01-25",
"url": "https://ubuntu.com/security/notices/USN-6598-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0499 vom 2024-01-25",
"url": "https://access.redhat.com/errata/RHSA-2024:0499"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0224-1 vom 2024-01-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017759.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0429 vom 2024-01-25",
"url": "https://access.redhat.com/errata/RHSA-2024:0429"
},
{
"category": "external",
"summary": "Juniper Advisory",
"url": "https://supportportal.juniper.net/s/article/2024-01-Reference-Advisory-Junos-OS-and-Junos-OS-Evolved-Impact-of-Terrapin-SSH-Attack-CVE-2023-48795"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0538 vom 2024-01-29",
"url": "https://access.redhat.com/errata/RHSA-2024:0538"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0594 vom 2024-01-30",
"url": "https://access.redhat.com/errata/RHSA-2024:0594"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0606 vom 2024-01-30",
"url": "https://access.redhat.com/errata/RHSA-2024:0606"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0625 vom 2024-01-31",
"url": "https://access.redhat.com/errata/RHSA-2024:0625"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0628 vom 2024-01-31",
"url": "https://access.redhat.com/errata/RHSA-2024:0628"
},
{
"category": "external",
"summary": "Meinberg Security Advisory",
"url": "https://www.meinberg.de/german/news/meinberg-security-advisory-mbgsa-2024-01-lantime-firmware-v7-08-007.htm"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3730 vom 2024-02-01",
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00000.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-0606 vom 2024-02-01",
"url": "https://linux.oracle.com/errata/ELSA-2024-0606.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-0628 vom 2024-02-01",
"url": "https://linux.oracle.com/errata/ELSA-2024-0628.html"
},
{
"category": "external",
"summary": "QNAP Security Advisory",
"url": "https://www.qnap.com/de-de/security-advisory/qsa-24-06"
},
{
"category": "external",
"summary": "IGEL Security Notice ISN-2023-39 vom 2024-02-05",
"url": "https://kb.igel.com/securitysafety/en/isn-2023-39-ssh-terrapin-vulnerability-112734047.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0327-1 vom 2024-02-05",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017866.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0430-1 vom 2024-02-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017891.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:0628 vom 2024-02-12",
"url": "https://errata.build.resf.org/RLSA-2024:0628"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0789 vom 2024-02-12",
"url": "https://access.redhat.com/errata/RHSA-2024:0789"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0722 vom 2024-02-12",
"url": "https://access.redhat.com/errata/RHSA-2024:0722"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:0606 vom 2024-02-12",
"url": "https://errata.build.resf.org/RLSA-2024:0606"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-12158 vom 2024-02-14",
"url": "https://linux.oracle.com/errata/ELSA-2024-12158.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0460-1 vom 2024-02-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017909.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-12157 vom 2024-02-14",
"url": "https://linux.oracle.com/errata/ELSA-2024-12157.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-12164 vom 2024-02-15",
"url": "https://linux.oracle.com/errata/ELSA-2024-12164.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0843 vom 2024-02-15",
"url": "https://access.redhat.com/errata/RHSA-2024:0843"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0880 vom 2024-02-20",
"url": "https://access.redhat.com/errata/RHSA-2024:0880"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0539-1 vom 2024-02-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017974.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0558-1 vom 2024-02-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017960.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0543-1 vom 2024-02-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017959.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7197 vom 2024-02-28",
"url": "https://access.redhat.com/errata/RHSA-2023:7197"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0954 vom 2024-02-28",
"url": "https://access.redhat.com/errata/RHSA-2024:0954"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7201 vom 2024-02-28",
"url": "https://access.redhat.com/errata/RHSA-2023:7201"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7198 vom 2024-02-28",
"url": "https://access.redhat.com/errata/RHSA-2023:7198"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7125640 vom 2024-02-28",
"url": "https://www.ibm.com/support/pages/node/7125640"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1130 vom 2024-03-06",
"url": "https://access.redhat.com/errata/RHSA-2024:1130"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1150 vom 2024-03-06",
"url": "https://access.redhat.com/errata/RHSA-2024:1150"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1196 vom 2024-03-06",
"url": "https://access.redhat.com/errata/RHSA-2024:1196"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1197 vom 2024-03-06",
"url": "https://access.redhat.com/errata/RHSA-2024:1197"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-1130 vom 2024-03-06",
"url": "https://linux.oracle.com/errata/ELSA-2024-1130.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1192 vom 2024-03-06",
"url": "https://access.redhat.com/errata/RHSA-2024:1192"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1194 vom 2024-03-06",
"url": "https://access.redhat.com/errata/RHSA-2024:1194"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1193 vom 2024-03-06",
"url": "https://access.redhat.com/errata/RHSA-2024:1193"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-1150 vom 2024-03-07",
"url": "https://linux.oracle.com/errata/ELSA-2024-1150.html"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-091 vom 2024-03-12",
"url": "https://www.dell.com/support/kbdoc/000222965/dsa-2024-="
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2024-6BC0AC05E1 vom 2024-03-11",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-6bc0ac05e1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1210 vom 2024-03-13",
"url": "https://access.redhat.com/errata/RHSA-2024:1210"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1383 vom 2024-03-19",
"url": "https://access.redhat.com/errata/RHSA-2024:1383"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-12233 vom 2024-03-19",
"url": "https://linux.oracle.com/errata/ELSA-2024-12233.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-12232 vom 2024-03-19",
"url": "https://linux.oracle.com/errata/ELSA-2024-12232.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1433 vom 2024-03-20",
"url": "https://access.redhat.com/errata/RHSA-2024:1433"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7144861 vom 2024-03-20",
"url": "https://www.ibm.com/support/pages/node/7144861"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0974-1 vom 2024-03-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018187.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0972-1 vom 2024-03-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018189.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7145046 vom 2024-03-25",
"url": "https://www.cybersecurity-help.cz/vdb/SB2024032509"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1557 vom 2024-03-28",
"url": "https://access.redhat.com/errata/RHSA-2024:1557"
},
{
"category": "external",
"summary": "Citrix Security Advisory CTX633181 vom 2024-03-28",
"url": "https://support.citrix.com/article/CTX633181/hotfix-xs82ecu1063-for-citrix-hypervisor-82-cumulative-update-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1675 vom 2024-04-04",
"url": "https://access.redhat.com/errata/RHSA-2024:1675"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1674 vom 2024-04-04",
"url": "https://access.redhat.com/errata/RHSA-2024:1674"
},
{
"category": "external",
"summary": "Dropbear Release 2024.84 vom 2024-04-04",
"url": "https://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2024q2/002365.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1677 vom 2024-04-04",
"url": "https://access.redhat.com/errata/RHSA-2024:1677"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1676 vom 2024-04-04",
"url": "https://access.redhat.com/errata/RHSA-2024:1676"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-021 vom 2024-04-06",
"url": "https://www.dell.com/support/kbdoc/000221558/dsa-2024-="
},
{
"category": "external",
"summary": "IBM Security Bulletin 7148094 vom 2024-04-11",
"url": "https://www.ibm.com/support/pages/node/7148094"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1859 vom 2024-04-16",
"url": "https://access.redhat.com/errata/RHSA-2024:1859"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7148398 vom 2024-04-16",
"url": "https://www.ibm.com/support/pages/node/7148398"
},
{
"category": "external",
"summary": "Jenkins Security Advisory",
"url": "https://www.jenkins.io/security/advisory/2024-04-17/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6738-1 vom 2024-04-22",
"url": "https://ubuntu.com/security/notices/USN-6738-1"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3794 vom 2024-04-25",
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html"
},
{
"category": "external",
"summary": "Aruba Product Security Advisory ARUBA-PSA-2024-005 vom 2024-05-07",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-005.txt"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-198 vom 2024-05-08",
"url": "https://www.dell.com/support/kbdoc/000224827/dsa-2024-="
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2988 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:2988"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2024:0135-1 vom 2024-05-22",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/NJ4UKYMVT5L6QOJVM6JMV6AQINAVT4JW/"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-2988 vom 2024-05-28",
"url": "https://linux.oracle.com/errata/ELSA-2024-2988.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3479 vom 2024-05-29",
"url": "https://access.redhat.com/errata/RHSA-2024:3479"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2728 vom 2024-05-29",
"url": "https://access.redhat.com/errata/RHSA-2024:2728"
},
{
"category": "external",
"summary": "HPE Security Bulletin",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-hpesb3p04641en_us"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3636 vom 2024-06-05",
"url": "https://access.redhat.com/errata/RHSA-2024:3636"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3635 vom 2024-06-05",
"url": "https://access.redhat.com/errata/RHSA-2024:3635"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3634 vom 2024-06-05",
"url": "https://access.redhat.com/errata/RHSA-2024:3634"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3918 vom 2024-06-20",
"url": "https://access.redhat.com/errata/RHSA-2024:3918"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4010 vom 2024-06-26",
"url": "https://access.redhat.com/errata/RHSA-2024:4010"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202407-11 vom 2024-07-05",
"url": "https://security.gentoo.org/glsa/202407-11"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202407-12 vom 2024-07-05",
"url": "https://security.gentoo.org/glsa/202407-12"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4329 vom 2024-07-11",
"url": "https://access.redhat.com/errata/RHSA-2024:4329"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4479 vom 2024-07-17",
"url": "https://access.redhat.com/errata/RHSA-2024:4479"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4484 vom 2024-07-17",
"url": "https://access.redhat.com/errata/RHSA-2024:4484"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7160492 vom 2024-07-17",
"url": "https://www.ibm.com/support/pages/node/7160492"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-239 vom 2024-07-18",
"url": "https://www.dell.com/support/kbdoc/de-de/000227051/dsa-2024-239-security-update-dell-ecs-3-8-1-1-for-multiple-security-vulnerabilities"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4631 vom 2024-07-18",
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4662 vom 2024-07-19",
"url": "https://access.redhat.com/errata/RHSA-2024:4662"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4597 vom 2024-07-19",
"url": "https://access.redhat.com/errata/RHSA-2024:4597"
},
{
"category": "external",
"summary": "HPE Security Bulletin vom 2024-07-23",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04673en_us\u0026docLocale=en_US"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4613 vom 2024-07-25",
"url": "https://access.redhat.com/errata/RHSA-2024:4613"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7154643 vom 2024-07-29",
"url": "https://www.ibm.com/support/pages/node/7154643"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7162077 vom 2024-07-31",
"url": "https://www.ibm.com/support/pages/node/7162077"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2024-139 vom 2024-08-06",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-139/index.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4955 vom 2024-08-07",
"url": "https://access.redhat.com/errata/RHSA-2024:4955"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4959 vom 2024-08-07",
"url": "https://access.redhat.com/errata/RHSA-2024:4959"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4960 vom 2024-08-07",
"url": "https://access.redhat.com/errata/RHSA-2024:4960"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5750 vom 2024-08-18",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00163.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5432 vom 2024-08-22",
"url": "https://access.redhat.com/errata/RHSA-2024:5432"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3899 vom 2024-09-27",
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7051-1 vom 2024-10-02",
"url": "https://ubuntu.com/security/notices/USN-7051-1"
},
{
"category": "external",
"summary": "Splunk Security Advisory SVD-2024-1012 vom 2024-10-14",
"url": "https://advisory.splunk.com//advisories/SVD-2024-1012"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3656-1 vom 2024-10-16",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/EAHKWTRWWAX4Y4SNTAAW5T57YHPEOMQG/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8235 vom 2024-10-23",
"url": "https://access.redhat.com/errata/RHSA-2024:8235"
},
{
"category": "external",
"summary": "IBM Security Bulletin",
"url": "https://www.ibm.com/support/pages/node/7174634"
},
{
"category": "external",
"summary": "Moxa Security Advisory MPSA-241044 vom 2024-11-04",
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241044-vulnerabilities-identified-in-mds-g4028-l3-series-and-eds-g512e"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7292-1 vom 2025-02-25",
"url": "https://ubuntu.com/security/notices/USN-7292-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7297-1 vom 2025-02-25",
"url": "https://ubuntu.com/security/notices/USN-7297-1"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-9CEE4B3AC0 vom 2025-03-12",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-9cee4b3ac0"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-AAA849AE74 vom 2025-03-12",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-aaa849ae74"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2025-F3E455B799 vom 2025-03-12",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-f3e455b799"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2025-206AAE91E0 vom 2025-03-12",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-206aae91e0"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7229444 vom 2025-03-28",
"url": "https://www.ibm.com/support/pages/node/7229444"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4132 vom 2025-04-21",
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5906 vom 2025-04-20",
"url": "https://lists.debian.org/debian-security-announce/2025/msg00068.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:4664 vom 2025-05-07",
"url": "https://access.redhat.com/errata/RHSA-2025:4664"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20009-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021369.html"
},
{
"category": "external",
"summary": "Siemens Security Advisory SSA-082556 vom 2025-06-10",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2025-234 vom 2025-07-01",
"url": "https://www.dell.com/support/kbdoc/000337969"
},
{
"category": "external",
"summary": "DBeaver Release 25.1.2 vom 2025-07-06",
"url": "https://github.com/dbeaver/dbeaver/releases/tag/25.1.2"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202509-06 vom 2025-09-18",
"url": "https://security.gentoo.org/glsa/202509-06"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2025-C1A3189D11 vom 2025-10-01",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-c1a3189d11"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7253912 vom 2025-12-05",
"url": "https://www.ibm.com/support/pages/node/7253912"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2025-450 vom 2025-12-20",
"url": "https://www.dell.com/support/kbdoc/000405768"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:20177-1 vom 2025-12-23",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VDMAOCE6FMUQXLIFZPI7NDGE25ALNJNL/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:0482-1 vom 2025-12-24",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HMPRAQU5GUS5B5UC67PSDP37L4LKC7JE/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:0492-1 vom 2025-12-31",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ELAD4UXESKHIWS4FSKWS4HUM7LFMUU7F/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7256856 vom 2026-01-13",
"url": "https://www.ibm.com/support/pages/node/7256856"
},
{
"category": "external",
"summary": "Deell Security Update",
"url": "https://www.dell.com/support/kbdoc/en-us/000281732/dsa-2025-075-security-update-for-dell-data-protection-advisor-for-multiple-component-vulnerabilities"
}
],
"source_lang": "en-US",
"title": "SSH Protokoll: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen",
"tracking": {
"current_release_date": "2026-01-25T23:00:00.000+00:00",
"generator": {
"date": "2026-01-26T09:22:57.378+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2023-3174",
"initial_release_date": "2023-12-18T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-12-18T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-12-19T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Ubuntu und FreeBSD aufgenommen"
},
{
"date": "2023-12-20T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2023-12-21T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Dropbear, Fedora und SUSE aufgenommen"
},
{
"date": "2023-12-26T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Debian und Fedora aufgenommen"
},
{
"date": "2023-12-27T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2023-12-28T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2024-01-01T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-01-02T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Fedora und SUSE aufgenommen"
},
{
"date": "2024-01-03T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-01-07T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von SUSE und NetApp aufgenommen"
},
{
"date": "2024-01-08T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Palo Alto Networks und Fedora aufgenommen"
},
{
"date": "2024-01-09T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Fortinet und Fedora aufgenommen"
},
{
"date": "2024-01-10T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-01-11T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Debian und Ubuntu aufgenommen"
},
{
"date": "2024-01-15T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-01-18T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Ubuntu und SUSE aufgenommen"
},
{
"date": "2024-01-21T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-01-24T23:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Debian und SUSE aufgenommen"
},
{
"date": "2024-01-25T23:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat, Ubuntu und SUSE aufgenommen"
},
{
"date": "2024-01-28T23:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-01-30T23:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-01-31T23:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2024-02-01T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-02-04T23:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von QNAP aufgenommen"
},
{
"date": "2024-02-05T23:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-02-08T23:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-02-12T23:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Rocky Enterprise Software Foundation und Red Hat aufgenommen"
},
{
"date": "2024-02-13T23:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Oracle Linux und SUSE aufgenommen"
},
{
"date": "2024-02-14T23:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-02-15T23:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-02-20T23:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-02-27T23:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-02-28T23:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-03-05T23:00:00.000+00:00",
"number": "35",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-03-06T23:00:00.000+00:00",
"number": "36",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2024-03-07T23:00:00.000+00:00",
"number": "37",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-03-11T23:00:00.000+00:00",
"number": "38",
"summary": "Neue Updates von Dell und Fedora aufgenommen"
},
{
"date": "2024-03-13T23:00:00.000+00:00",
"number": "39",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-03-19T23:00:00.000+00:00",
"number": "40",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2024-03-20T23:00:00.000+00:00",
"number": "41",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-03-24T23:00:00.000+00:00",
"number": "42",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-03-27T23:00:00.000+00:00",
"number": "43",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-04-04T22:00:00.000+00:00",
"number": "44",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-04-07T22:00:00.000+00:00",
"number": "45",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-04-11T22:00:00.000+00:00",
"number": "46",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-04-16T22:00:00.000+00:00",
"number": "47",
"summary": "Neue Updates von Red Hat und IBM aufgenommen"
},
{
"date": "2024-04-17T22:00:00.000+00:00",
"number": "48",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2024-04-22T22:00:00.000+00:00",
"number": "49",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-04-25T22:00:00.000+00:00",
"number": "50",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2024-05-07T22:00:00.000+00:00",
"number": "51",
"summary": "Neue Updates von Aruba und Dell aufgenommen"
},
{
"date": "2024-05-21T22:00:00.000+00:00",
"number": "52",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-28T22:00:00.000+00:00",
"number": "53",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-05-30T22:00:00.000+00:00",
"number": "54",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-02T22:00:00.000+00:00",
"number": "55",
"summary": "Neue Updates von HP aufgenommen"
},
{
"date": "2024-06-05T22:00:00.000+00:00",
"number": "56",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-19T22:00:00.000+00:00",
"number": "57",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-25T22:00:00.000+00:00",
"number": "58",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-04T22:00:00.000+00:00",
"number": "59",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2024-07-11T22:00:00.000+00:00",
"number": "60",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-16T22:00:00.000+00:00",
"number": "61",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-17T22:00:00.000+00:00",
"number": "62",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-07-18T22:00:00.000+00:00",
"number": "63",
"summary": "Neue Updates von Dell und Red Hat aufgenommen"
},
{
"date": "2024-07-21T22:00:00.000+00:00",
"number": "64",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-23T22:00:00.000+00:00",
"number": "65",
"summary": "Neue Updates von HP aufgenommen"
},
{
"date": "2024-07-24T22:00:00.000+00:00",
"number": "66",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-29T22:00:00.000+00:00",
"number": "67",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-07-31T22:00:00.000+00:00",
"number": "68",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-08-05T22:00:00.000+00:00",
"number": "69",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2024-08-06T22:00:00.000+00:00",
"number": "70",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-07T22:00:00.000+00:00",
"number": "71",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-18T22:00:00.000+00:00",
"number": "72",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2024-08-21T22:00:00.000+00:00",
"number": "73",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-09-29T22:00:00.000+00:00",
"number": "74",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2024-10-01T22:00:00.000+00:00",
"number": "75",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-10-14T22:00:00.000+00:00",
"number": "76",
"summary": "Neue Updates von Splunk-SVD aufgenommen"
},
{
"date": "2024-10-16T22:00:00.000+00:00",
"number": "77",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-10-23T22:00:00.000+00:00",
"number": "78",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-31T23:00:00.000+00:00",
"number": "79",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-11-03T23:00:00.000+00:00",
"number": "80",
"summary": "Neue Updates von moxa aufgenommen"
},
{
"date": "2025-02-25T23:00:00.000+00:00",
"number": "81",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-03-12T23:00:00.000+00:00",
"number": "82",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2025-03-30T22:00:00.000+00:00",
"number": "83",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-04-21T22:00:00.000+00:00",
"number": "84",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-05-07T22:00:00.000+00:00",
"number": "85",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-06-04T22:00:00.000+00:00",
"number": "86",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-10T22:00:00.000+00:00",
"number": "87",
"summary": "Neue Updates von Siemens aufgenommen"
},
{
"date": "2025-06-30T22:00:00.000+00:00",
"number": "88",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2025-07-06T22:00:00.000+00:00",
"number": "89",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2025-09-17T22:00:00.000+00:00",
"number": "90",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2025-10-01T22:00:00.000+00:00",
"number": "91",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2025-12-07T23:00:00.000+00:00",
"number": "92",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-12-21T23:00:00.000+00:00",
"number": "93",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2025-12-23T23:00:00.000+00:00",
"number": "94",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2025-12-28T23:00:00.000+00:00",
"number": "95",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2025-12-30T23:00:00.000+00:00",
"number": "96",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2026-01-12T23:00:00.000+00:00",
"number": "97",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-01-25T23:00:00.000+00:00",
"number": "98",
"summary": "Neue Updates von Dell aufgenommen"
}
],
"status": "final",
"version": "98"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "T028903",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Aruba EdgeConnect",
"product": {
"name": "Aruba EdgeConnect",
"product_id": "T027755",
"product_identification_helper": {
"cpe": "cpe:/a:aruba:edgeconnect:-"
}
}
},
{
"branches": [
{
"category": "product_name",
"name": "Aruba Switch",
"product": {
"name": "Aruba Switch",
"product_id": "T024430",
"product_identification_helper": {
"cpe": "cpe:/h:arubanetworks:switch:aos-cx"
}
}
},
{
"category": "product_name",
"name": "Aruba Switch",
"product": {
"name": "Aruba Switch",
"product_id": "T033685",
"product_identification_helper": {
"cpe": "cpe:/h:arubanetworks:switch:-"
}
}
}
],
"category": "product_name",
"name": "Switch"
}
],
"category": "vendor",
"name": "Aruba"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "8.2",
"product": {
"name": "Citrix Systems Hypervisor 8.2",
"product_id": "T029180",
"product_identification_helper": {
"cpe": "cpe:/o:citrix:hypervisor:8.2"
}
}
}
],
"category": "product_name",
"name": "Hypervisor"
}
],
"category": "vendor",
"name": "Citrix Systems"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c19.12",
"product": {
"name": "Dell Data Protection Advisor \u003c19.12",
"product_id": "T050283"
}
},
{
"category": "product_version",
"name": "19.12",
"product": {
"name": "Dell Data Protection Advisor 19.12",
"product_id": "T050283-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:data_protection_advisor:19.12"
}
}
}
],
"category": "product_name",
"name": "Data Protection Advisor"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.8.1.1",
"product": {
"name": "Dell ECS \u003c3.8.1.1",
"product_id": "T036366"
}
},
{
"category": "product_version",
"name": "3.8.1.1",
"product": {
"name": "Dell ECS 3.8.1.1",
"product_id": "T036366-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:dell:ecs:3.8.1.1"
}
}
}
],
"category": "product_name",
"name": "ECS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vProxy OVA \u003c19.9.0.5",
"product": {
"name": "Dell NetWorker vProxy OVA \u003c19.9.0.5",
"product_id": "T033357"
}
},
{
"category": "product_version",
"name": "vProxy OVA 19.9.0.5",
"product": {
"name": "Dell NetWorker vProxy OVA 19.9.0.5",
"product_id": "T033357-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:vproxy_ova__19.9.0.5"
}
}
},
{
"category": "product_version",
"name": "virtual",
"product": {
"name": "Dell NetWorker virtual",
"product_id": "T034583",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:virtual"
}
}
},
{
"category": "product_version_range",
"name": "\u003c19.13",
"product": {
"name": "Dell NetWorker \u003c19.13",
"product_id": "T044954"
}
},
{
"category": "product_version",
"name": "19.13",
"product": {
"name": "Dell NetWorker 19.13",
"product_id": "T044954-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:19.13"
}
}
},
{
"category": "product_version_range",
"name": "\u003c19.11.0.5",
"product": {
"name": "Dell NetWorker \u003c19.11.0.5",
"product_id": "T044959"
}
},
{
"category": "product_version",
"name": "19.11.0.5",
"product": {
"name": "Dell NetWorker 19.11.0.5",
"product_id": "T044959-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:19.11.0.5"
}
}
},
{
"category": "product_version_range",
"name": "Virtual Edition \u003c19.13",
"product": {
"name": "Dell NetWorker Virtual Edition \u003c19.13",
"product_id": "T049618"
}
},
{
"category": "product_version",
"name": "Virtual Edition 19.13",
"product": {
"name": "Dell NetWorker Virtual Edition 19.13",
"product_id": "T049618-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:virtual_edition__19.13"
}
}
}
],
"category": "product_name",
"name": "NetWorker"
},
{
"branches": [
{
"category": "product_version_range",
"name": "iDRAC 8 \u003c2.86.86.86",
"product": {
"name": "Dell integrated Dell Remote Access Controller iDRAC 8 \u003c2.86.86.86",
"product_id": "T033946"
}
},
{
"category": "product_version",
"name": "iDRAC 8 2.86.86.86",
"product": {
"name": "Dell integrated Dell Remote Access Controller iDRAC 8 2.86.86.86",
"product_id": "T033946-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:dell:idrac:idrac_8__2.86.86.86"
}
}
},
{
"category": "product_version_range",
"name": "iDRAC 9 \u003c7.00.00.171",
"product": {
"name": "Dell integrated Dell Remote Access Controller iDRAC 9 \u003c7.00.00.171",
"product_id": "T033947"
}
},
{
"category": "product_version",
"name": "iDRAC 9 7.00.00.171",
"product": {
"name": "Dell integrated Dell Remote Access Controller iDRAC 9 7.00.00.171",
"product_id": "T033947-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:dell:idrac:idrac_9__7.00.00.171"
}
}
}
],
"category": "product_name",
"name": "integrated Dell Remote Access Controller"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "EMC Avamar",
"product": {
"name": "EMC Avamar",
"product_id": "T014381",
"product_identification_helper": {
"cpe": "cpe:/a:emc:avamar:-"
}
}
}
],
"category": "vendor",
"name": "EMC"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "7",
"product": {
"name": "Fortinet FortiOS 7.0",
"product_id": "T031929",
"product_identification_helper": {
"cpe": "cpe:/o:fortinet:fortios:7.0"
}
}
},
{
"category": "product_version",
"name": "7.2",
"product": {
"name": "Fortinet FortiOS 7.2",
"product_id": "T031930",
"product_identification_helper": {
"cpe": "cpe:/o:fortinet:fortios:7.2"
}
}
},
{
"category": "product_version",
"name": "7.4",
"product": {
"name": "Fortinet FortiOS 7.4",
"product_id": "T031931",
"product_identification_helper": {
"cpe": "cpe:/o:fortinet:fortios:7.4"
}
}
}
],
"category": "product_name",
"name": "FortiOS"
}
],
"category": "vendor",
"name": "Fortinet"
},
{
"branches": [
{
"category": "product_name",
"name": "FreeBSD Project FreeBSD OS",
"product": {
"name": "FreeBSD Project FreeBSD OS",
"product_id": "4035",
"product_identification_helper": {
"cpe": "cpe:/o:freebsd:freebsd:-"
}
}
}
],
"category": "vendor",
"name": "FreeBSD Project"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"category": "product_name",
"name": "Golang Go",
"product": {
"name": "Golang Go",
"product_id": "T029035",
"product_identification_helper": {
"cpe": "cpe:/a:golang:go:-"
}
}
}
],
"category": "vendor",
"name": "Golang"
},
{
"branches": [
{
"category": "product_name",
"name": "Hitachi Ops Center",
"product": {
"name": "Hitachi Ops Center",
"product_id": "T017562",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:ops_center:-"
}
}
}
],
"category": "vendor",
"name": "Hitachi"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "7.3",
"product": {
"name": "IBM AIX 7.3",
"product_id": "1139691",
"product_identification_helper": {
"cpe": "cpe:/o:ibm:aix:7.3"
}
}
},
{
"category": "product_version",
"name": "7.2",
"product": {
"name": "IBM AIX 7.2",
"product_id": "434967",
"product_identification_helper": {
"cpe": "cpe:/o:ibm:aix:7.2"
}
}
}
],
"category": "product_name",
"name": "AIX"
},
{
"branches": [
{
"category": "product_version",
"name": "22.0.2",
"product": {
"name": "IBM Business Automation Workflow 22.0.2",
"product_id": "T027961",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:22.0.2"
}
}
},
{
"category": "product_version",
"name": "23.0.1",
"product": {
"name": "IBM Business Automation Workflow 23.0.1",
"product_id": "T031216",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:23.0.1"
}
}
},
{
"category": "product_version",
"name": "23.0.2",
"product": {
"name": "IBM Business Automation Workflow 23.0.2",
"product_id": "T032497",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:23.0.2"
}
}
}
],
"category": "product_name",
"name": "Business Automation Workflow"
},
{
"category": "product_name",
"name": "IBM FlashSystem",
"product": {
"name": "IBM FlashSystem",
"product_id": "T025159",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:flashsystem:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "v10",
"product": {
"name": "IBM Power Hardware Management Console v10",
"product_id": "T023373",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:hardware_management_console:v10"
}
}
}
],
"category": "product_name",
"name": "Power Hardware Management Console"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM QRadar SIEM",
"product": {
"name": "IBM QRadar SIEM",
"product_id": "T021415",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:-"
}
}
},
{
"category": "product_version",
"name": "7.5",
"product": {
"name": "IBM QRadar SIEM 7.5",
"product_id": "T022954",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP10 IF01",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP10 IF01",
"product_id": "T038741"
}
},
{
"category": "product_version",
"name": "7.5.0 UP10 IF01",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP10 IF01",
"product_id": "T038741-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up10_if01"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
},
{
"category": "product_name",
"name": "IBM SAN Volume Controller",
"product": {
"name": "IBM SAN Volume Controller",
"product_id": "T020642",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:san_volume_controller:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "Collaboration and Deployment Services 8.5",
"product": {
"name": "IBM SPSS Collaboration and Deployment Services 8.5",
"product_id": "T038750",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spss:collaboration_and_deployment_services_8.5"
}
}
}
],
"category": "product_name",
"name": "SPSS"
},
{
"branches": [
{
"category": "product_version",
"name": "12",
"product": {
"name": "IBM Security Guardium 12.0",
"product_id": "T031092",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_guardium:12.0"
}
}
}
],
"category": "product_name",
"name": "Security Guardium"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.9.1",
"product": {
"name": "IBM Security Verify Access \u003c10.0.9.1",
"product_id": "T049459"
}
},
{
"category": "product_version",
"name": "10.0.9.1",
"product": {
"name": "IBM Security Verify Access 10.0.9.1",
"product_id": "T049459-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_verify_access:v10.0.9.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c11.0.2",
"product": {
"name": "IBM Security Verify Access \u003c11.0.2",
"product_id": "T049460"
}
},
{
"category": "product_version",
"name": "11.0.2",
"product": {
"name": "IBM Security Verify Access 11.0.2",
"product_id": "T049460-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_verify_access:11.0.2"
}
}
}
],
"category": "product_name",
"name": "Security Verify Access"
},
{
"branches": [
{
"category": "product_version",
"name": "Plus 10.1",
"product": {
"name": "IBM Spectrum Protect Plus 10.1",
"product_id": "T015895",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_protect:plus_10.1"
}
}
}
],
"category": "product_name",
"name": "Spectrum Protect"
},
{
"category": "product_name",
"name": "IBM Storwize",
"product": {
"name": "IBM Storwize",
"product_id": "T021621",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:storwize:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "3.1",
"product": {
"name": "IBM VIOS 3.1",
"product_id": "1039165",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:vios:3.1"
}
}
},
{
"category": "product_version",
"name": "4.1",
"product": {
"name": "IBM VIOS 4.1",
"product_id": "1522854",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:vios:4.1"
}
}
}
],
"category": "product_name",
"name": "VIOS"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "IGEL OS",
"product": {
"name": "IGEL OS",
"product_id": "T017865",
"product_identification_helper": {
"cpe": "cpe:/o:igel:os:-"
}
}
}
],
"category": "vendor",
"name": "IGEL"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.452",
"product": {
"name": "Jenkins Jenkins \u003c2.452",
"product_id": "T034285"
}
},
{
"category": "product_version",
"name": "2.452",
"product": {
"name": "Jenkins Jenkins 2.452",
"product_id": "T034285-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:cloudbees:jenkins:2.452"
}
}
},
{
"category": "product_version_range",
"name": "LTS \u003c2.440.3",
"product": {
"name": "Jenkins Jenkins LTS \u003c2.440.3",
"product_id": "T034286"
}
},
{
"category": "product_version",
"name": "LTS 2.440.3",
"product": {
"name": "Jenkins Jenkins LTS 2.440.3",
"product_id": "T034286-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:cloudbees:jenkins:lts__2.440.3"
}
}
}
],
"category": "product_name",
"name": "Jenkins"
}
],
"category": "vendor",
"name": "Jenkins"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c19.4R3-S13",
"product": {
"name": "Juniper JUNOS \u003c19.4R3-S13",
"product_id": "T032368"
}
},
{
"category": "product_version",
"name": "19.4R3-S13",
"product": {
"name": "Juniper JUNOS 19.4R3-S13",
"product_id": "T032368-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:19.4r3-s13"
}
}
},
{
"category": "product_version_range",
"name": "\u003c20.4R3-S10",
"product": {
"name": "Juniper JUNOS \u003c20.4R3-S10",
"product_id": "T032369"
}
},
{
"category": "product_version",
"name": "20.4R3-S10",
"product": {
"name": "Juniper JUNOS 20.4R3-S10",
"product_id": "T032369-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:20.4r3-s10"
}
}
},
{
"category": "product_version_range",
"name": "\u003c21.4R3-S6",
"product": {
"name": "Juniper JUNOS \u003c21.4R3-S6",
"product_id": "T032370"
}
},
{
"category": "product_version",
"name": "21.4R3-S6",
"product": {
"name": "Juniper JUNOS 21.4R3-S6",
"product_id": "T032370-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:21.4r3-s6"
}
}
},
{
"category": "product_version_range",
"name": "\u003c22.1R3-S5",
"product": {
"name": "Juniper JUNOS \u003c22.1R3-S5",
"product_id": "T032371"
}
},
{
"category": "product_version",
"name": "22.1R3-S5",
"product": {
"name": "Juniper JUNOS 22.1R3-S5",
"product_id": "T032371-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:22.1r3-s5"
}
}
},
{
"category": "product_version_range",
"name": "\u003c22.2R3-S3",
"product": {
"name": "Juniper JUNOS \u003c22.2R3-S3",
"product_id": "T032372"
}
},
{
"category": "product_version",
"name": "22.2R3-S3",
"product": {
"name": "Juniper JUNOS 22.2R3-S3",
"product_id": "T032372-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:22.2r3-s3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c22.4R3-S1",
"product": {
"name": "Juniper JUNOS \u003c22.4R3-S1",
"product_id": "T032373"
}
},
{
"category": "product_version",
"name": "22.4R3-S1",
"product": {
"name": "Juniper JUNOS 22.4R3-S1",
"product_id": "T032373-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:22.4r3-s1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c23.2R2",
"product": {
"name": "Juniper JUNOS \u003c23.2R2",
"product_id": "T032374"
}
},
{
"category": "product_version",
"name": "23.2R2",
"product": {
"name": "Juniper JUNOS 23.2R2",
"product_id": "T032374-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:23.2r2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c23.4R2",
"product": {
"name": "Juniper JUNOS \u003c23.4R2",
"product_id": "T032375"
}
},
{
"category": "product_version",
"name": "23.4R2",
"product": {
"name": "Juniper JUNOS 23.4R2",
"product_id": "T032375-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:23.4r2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c24.1R1",
"product": {
"name": "Juniper JUNOS \u003c24.1R1",
"product_id": "T032376"
}
},
{
"category": "product_version",
"name": "24.1R1",
"product": {
"name": "Juniper JUNOS 24.1R1",
"product_id": "T032376-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:24.1r1"
}
}
}
],
"category": "product_name",
"name": "JUNOS"
}
],
"category": "vendor",
"name": "Juniper"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "SX 4.20",
"product": {
"name": "LANCOM LCOS SX 4.20",
"product_id": "T026553",
"product_identification_helper": {
"cpe": "cpe:/o:lancom:lcos:sx_4.20"
}
}
},
{
"category": "product_name",
"name": "LANCOM LCOS",
"product": {
"name": "LANCOM LCOS",
"product_id": "T026953",
"product_identification_helper": {
"cpe": "cpe:/o:lancom:lcos:-"
}
}
},
{
"category": "product_version",
"name": "LX",
"product": {
"name": "LANCOM LCOS LX",
"product_id": "T026954",
"product_identification_helper": {
"cpe": "cpe:/o:lancom:lcos:lx"
}
}
},
{
"category": "product_version",
"name": "FX",
"product": {
"name": "LANCOM LCOS FX",
"product_id": "T031787",
"product_identification_helper": {
"cpe": "cpe:/o:lancom:lcos:fx"
}
}
},
{
"category": "product_version",
"name": "SX 5.20",
"product": {
"name": "LANCOM LCOS SX 5.20",
"product_id": "T031788",
"product_identification_helper": {
"cpe": "cpe:/o:lancom:lcos:sx_5.20"
}
}
}
],
"category": "product_name",
"name": "LCOS"
}
],
"category": "vendor",
"name": "LANCOM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.08.007",
"product": {
"name": "Meinberg LANTIME \u003c7.08.007",
"product_id": "T032435"
}
},
{
"category": "product_version",
"name": "7.08.007",
"product": {
"name": "Meinberg LANTIME 7.08.007",
"product_id": "T032435-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:meinberg:lantime:7.08.007"
}
}
}
],
"category": "product_name",
"name": "LANTIME"
}
],
"category": "vendor",
"name": "Meinberg"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MDS-G4028-L3 Series",
"product": {
"name": "Moxa Switch MDS-G4028-L3 Series",
"product_id": "T038734",
"product_identification_helper": {
"cpe": "cpe:/h:moxa:switch:mds-g4028-l3_series"
}
}
},
{
"category": "product_version",
"name": "EDS-G512E",
"product": {
"name": "Moxa Switch EDS-G512E",
"product_id": "T038749",
"product_identification_helper": {
"cpe": "cpe:/h:moxa:switch:eds-g512e"
}
}
}
],
"category": "product_name",
"name": "Switch"
}
],
"category": "vendor",
"name": "Moxa"
},
{
"branches": [
{
"category": "product_name",
"name": "NetApp Data ONTAP",
"product": {
"name": "NetApp Data ONTAP",
"product_id": "T027038",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:data_ontap:9"
}
}
},
{
"category": "product_name",
"name": "NetApp FAS",
"product": {
"name": "NetApp FAS",
"product_id": "T011540",
"product_identification_helper": {
"cpe": "cpe:/h:netapp:fas:-"
}
}
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c25.1.2",
"product": {
"name": "Open Source DBeaver \u003c25.1.2",
"product_id": "T045052"
}
},
{
"category": "product_version",
"name": "25.1.2",
"product": {
"name": "Open Source DBeaver 25.1.2",
"product_id": "T045052-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dbeaver:dbeaver:25.1.2"
}
}
}
],
"category": "product_name",
"name": "DBeaver"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source Dropbear SSH",
"product": {
"name": "Open Source Dropbear SSH",
"product_id": "T031811",
"product_identification_helper": {
"cpe": "cpe:/a:dropbear_ssh_project:dropbear_ssh:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c2024.84",
"product": {
"name": "Open Source Dropbear SSH \u003c2024.84",
"product_id": "T033902"
}
},
{
"category": "product_version",
"name": "2024.84",
"product": {
"name": "Open Source Dropbear SSH 2024.84",
"product_id": "T033902-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dropbear_ssh_project:dropbear_ssh:2024.84"
}
}
}
],
"category": "product_name",
"name": "Dropbear SSH"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.21.3",
"product": {
"name": "Open Source Gitea \u003c1.21.3",
"product_id": "T031778"
}
},
{
"category": "product_version",
"name": "1.21.3",
"product": {
"name": "Open Source Gitea 1.21.3",
"product_id": "T031778-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:gitea:gitea:1.21.3"
}
}
}
],
"category": "product_name",
"name": "Gitea"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.6",
"product": {
"name": "Open Source OpenSSH \u003c9.6",
"product_id": "T031748"
}
},
{
"category": "product_version",
"name": "9.6",
"product": {
"name": "Open Source OpenSSH 9.6",
"product_id": "T031748-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openbsd:openssh:9.6"
}
}
}
],
"category": "product_name",
"name": "OpenSSH"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c0.80",
"product": {
"name": "Open Source PuTTY \u003c0.80",
"product_id": "T031749"
}
},
{
"category": "product_version",
"name": "0.8",
"product": {
"name": "Open Source PuTTY 0.80",
"product_id": "T031749-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:simon_tatham:putty:0.80"
}
}
}
],
"category": "product_name",
"name": "PuTTY"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c0.10.6",
"product": {
"name": "Open Source libssh \u003c0.10.6",
"product_id": "T031750"
}
},
{
"category": "product_version",
"name": "0.10.6",
"product": {
"name": "Open Source libssh 0.10.6",
"product_id": "T031750-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:libssh:libssh:0.10.6"
}
}
},
{
"category": "product_version_range",
"name": "\u003c0.9.8",
"product": {
"name": "Open Source libssh \u003c0.9.8",
"product_id": "T031751"
}
},
{
"category": "product_version",
"name": "0.9.8",
"product": {
"name": "Open Source libssh 0.9.8",
"product_id": "T031751-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:libssh:libssh:0.9.8"
}
}
}
],
"category": "product_name",
"name": "libssh"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Palo Alto Networks PAN-OS",
"product": {
"name": "Palo Alto Networks PAN-OS",
"product_id": "T016533",
"product_identification_helper": {
"cpe": "cpe:/o:paloaltonetworks:pan-os:-"
}
}
}
],
"category": "vendor",
"name": "Palo Alto Networks"
},
{
"branches": [
{
"category": "product_name",
"name": "QNAP NAS",
"product": {
"name": "QNAP NAS",
"product_id": "T017100",
"product_identification_helper": {
"cpe": "cpe:/h:qnap:nas:-"
}
}
}
],
"category": "vendor",
"name": "QNAP"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "7.4",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.4",
"product_id": "978052",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.0.1",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform \u003c8.0.1",
"product_id": "T033272"
}
},
{
"category": "product_version",
"name": "8.0.1",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 8.0.1",
"product_id": "T033272-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.4.16",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform \u003c7.4.16",
"product_id": "T033900"
}
},
{
"category": "product_version",
"name": "7.4.16",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.4.16",
"product_id": "T033900-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4.16"
}
}
}
],
"category": "product_name",
"name": "JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Container Platform \u003c4.14.35",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.14.35",
"product_id": "T036992"
}
},
{
"category": "product_version",
"name": "Container Platform 4.14.35",
"product": {
"name": "Red Hat OpenShift Container Platform 4.14.35",
"product_id": "T036992-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.14.35"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "1500 CPU",
"product": {
"name": "Siemens SIMATIC S7 1500 CPU",
"product_id": "T025776",
"product_identification_helper": {
"cpe": "cpe:/h:siemens:simatic_s7:1500_cpu"
}
}
}
],
"category": "product_name",
"name": "SIMATIC S7"
}
],
"category": "vendor",
"name": "Siemens"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.3.1",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.3.1",
"product_id": "T038314"
}
},
{
"category": "product_version",
"name": "9.3.1",
"product": {
"name": "Splunk Splunk Enterprise 9.3.1",
"product_id": "T038314-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.3.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.2.3",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.2.3",
"product_id": "T038315"
}
},
{
"category": "product_version",
"name": "9.2.3",
"product": {
"name": "Splunk Splunk Enterprise 9.2.3",
"product_id": "T038315-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.2.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.1.6",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.1.6",
"product_id": "T038316"
}
},
{
"category": "product_version",
"name": "9.1.6",
"product": {
"name": "Splunk Splunk Enterprise 9.1.6",
"product_id": "T038316-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.1.6"
}
}
}
],
"category": "product_name",
"name": "Splunk Enterprise"
}
],
"category": "vendor",
"name": "Splunk"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-48795",
"product_status": {
"known_affected": [
"T033357",
"T031216",
"T031931",
"T031930",
"T049460",
"T031778",
"T031811",
"T034286",
"T034285",
"T016533",
"T033272",
"T004914",
"1139691",
"T020642",
"T021415",
"T031092",
"T027755",
"T025776",
"T027038",
"T033947",
"T031929",
"T032435",
"T050283",
"T031788",
"T031787",
"434967",
"1039165",
"T044959",
"T029180",
"1522854",
"T038734",
"T012167",
"T033685",
"T017562",
"T036992",
"T022954",
"T021621",
"T014381",
"2951",
"T002207",
"T026954",
"T049618",
"T027843",
"T026953",
"T045052",
"T049459",
"T027961",
"T026553",
"T029035",
"T032368",
"T031751",
"T032369",
"T031750",
"67646",
"4035",
"T038749",
"T011540",
"T034583",
"T036366",
"T038741",
"T028903",
"T044954",
"978052",
"T031748",
"T025159",
"T031749",
"T023373",
"T033902",
"T033946",
"T033900",
"T032371",
"T032372",
"T038314",
"T038315",
"T015895",
"T032370",
"T038316",
"T032375",
"T038750",
"T032255",
"T032376",
"T032497",
"74185",
"T032373",
"T017100",
"T032374",
"T017865",
"T000126",
"T024430"
]
},
"release_date": "2023-12-18T23:00:00.000+00:00",
"title": "CVE-2023-48795"
}
]
}
WID-SEC-W-2024-0523
Vulnerability from csaf_certbund - Published: 2024-02-29 23:00 - Updated: 2024-02-29 23:00Summary
SolarWinds Security Event Manager: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: SolarWinds Security Event Manager ist eine Lösung zur Analyse von Protokolldaten.
Angriff: Ein entfernter, anonymer oder authentifizierter Angreifer kann mehrere Schwachstellen in SolarWinds Security Event Manager ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen preiszugeben und einen Denial-of-Service-Zustand zu verursachen.
Betroffene Betriebssysteme: - UNIX
- Linux
- Windows
Es besteht eine Schwachstelle in SolarWinds Security Event Manager. Ein entfernter, anonymer Angreifer aus dem lokalen Netzwerk kann diese Schwachstelle zur Ausführung von beliebigem Code ausnutzen.
Im SolarWinds Security Event Manager gibt es mehrere Schwachstellen in Third Party Applications. Die Schwachstellen bestehen in den Komponenten Samba und SSH aufgrund eines möglichen Terrapin-Angriffs, einer Pfadumgehung, einer defekten Zugriffskontrolle und Störungen im AD DC-Dienst. Ein anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen, Sicherheitsmaßnahmen zu umgehen und vertrauliche Informationen offenzulegen.
Im SolarWinds Security Event Manager gibt es mehrere Schwachstellen in Third Party Applications. Die Schwachstellen bestehen in den Komponenten Samba und SSH aufgrund eines möglichen Terrapin-Angriffs, einer Pfadumgehung, einer defekten Zugriffskontrolle und Störungen im AD DC-Dienst. Ein anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen, Sicherheitsmaßnahmen zu umgehen und vertrauliche Informationen offenzulegen.
Im SolarWinds Security Event Manager gibt es mehrere Schwachstellen in Third Party Applications. Die Schwachstellen bestehen in den Komponenten Samba und SSH aufgrund eines möglichen Terrapin-Angriffs, einer Pfadumgehung, einer defekten Zugriffskontrolle und Störungen im AD DC-Dienst. Ein anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen, Sicherheitsmaßnahmen zu umgehen und vertrauliche Informationen offenzulegen.
Im SolarWinds Security Event Manager gibt es mehrere Schwachstellen in Third Party Applications. Die Schwachstellen bestehen in den Komponenten Samba und SSH aufgrund eines möglichen Terrapin-Angriffs, einer Pfadumgehung, einer defekten Zugriffskontrolle und Störungen im AD DC-Dienst. Ein anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen, Sicherheitsmaßnahmen zu umgehen und vertrauliche Informationen offenzulegen.
References
4 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "SolarWinds Security Event Manager ist eine L\u00f6sung zur Analyse von Protokolldaten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentifizierter Angreifer kann mehrere Schwachstellen in SolarWinds Security Event Manager ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen preiszugeben und einen Denial-of-Service-Zustand zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0523 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0523.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0523 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0523"
},
{
"category": "external",
"summary": "Github Security Advisory vom 2024-02-29",
"url": "https://github.com/advisories/GHSA-3fj5-f9x9-2hvx"
},
{
"category": "external",
"summary": "Solarwinds Release Notes vom 2024-02-29",
"url": "https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2023-4-1_release_notes.htm"
}
],
"source_lang": "en-US",
"title": "SolarWinds Security Event Manager: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-02-29T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:05:56.349+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2024-0523",
"initial_release_date": "2024-02-29T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-02-29T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 2023.4.1",
"product": {
"name": "SolarWinds Security Event Manager \u003c 2023.4.1",
"product_id": "T033207"
}
}
],
"category": "product_name",
"name": "Security Event Manager"
}
],
"category": "vendor",
"name": "SolarWinds"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-0692",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in SolarWinds Security Event Manager. Ein entfernter, anonymer Angreifer aus dem lokalen Netzwerk kann diese Schwachstelle zur Ausf\u00fchrung von beliebigem Code ausnutzen."
}
],
"release_date": "2024-02-29T23:00:00.000+00:00",
"title": "CVE-2024-0692"
},
{
"cve": "CVE-2023-48795",
"notes": [
{
"category": "description",
"text": "Im SolarWinds Security Event Manager gibt es mehrere Schwachstellen in Third Party Applications. Die Schwachstellen bestehen in den Komponenten Samba und SSH aufgrund eines m\u00f6glichen Terrapin-Angriffs, einer Pfadumgehung, einer defekten Zugriffskontrolle und St\u00f6rungen im AD DC-Dienst. Ein anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen."
}
],
"release_date": "2024-02-29T23:00:00.000+00:00",
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2023-42670",
"notes": [
{
"category": "description",
"text": "Im SolarWinds Security Event Manager gibt es mehrere Schwachstellen in Third Party Applications. Die Schwachstellen bestehen in den Komponenten Samba und SSH aufgrund eines m\u00f6glichen Terrapin-Angriffs, einer Pfadumgehung, einer defekten Zugriffskontrolle und St\u00f6rungen im AD DC-Dienst. Ein anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen."
}
],
"release_date": "2024-02-29T23:00:00.000+00:00",
"title": "CVE-2023-42670"
},
{
"cve": "CVE-2023-4154",
"notes": [
{
"category": "description",
"text": "Im SolarWinds Security Event Manager gibt es mehrere Schwachstellen in Third Party Applications. Die Schwachstellen bestehen in den Komponenten Samba und SSH aufgrund eines m\u00f6glichen Terrapin-Angriffs, einer Pfadumgehung, einer defekten Zugriffskontrolle und St\u00f6rungen im AD DC-Dienst. Ein anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen."
}
],
"release_date": "2024-02-29T23:00:00.000+00:00",
"title": "CVE-2023-4154"
},
{
"cve": "CVE-2023-3961",
"notes": [
{
"category": "description",
"text": "Im SolarWinds Security Event Manager gibt es mehrere Schwachstellen in Third Party Applications. Die Schwachstellen bestehen in den Komponenten Samba und SSH aufgrund eines m\u00f6glichen Terrapin-Angriffs, einer Pfadumgehung, einer defekten Zugriffskontrolle und St\u00f6rungen im AD DC-Dienst. Ein anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen."
}
],
"release_date": "2024-02-29T23:00:00.000+00:00",
"title": "CVE-2023-3961"
}
]
}
WID-SEC-W-2024-0564
Vulnerability from csaf_certbund - Published: 2024-03-06 23:00 - Updated: 2026-01-25 23:00Summary
Jenkins: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Jenkins ist ein erweiterbarer, webbasierter Integration Server zur kontinuierlichen Unterstützung bei Softwareentwicklungen aller Art.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Jenkins ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Dateien zu manipulieren oder einen Cross-Site-Scripting-Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
- MacOS X
- UNIX
- Windows
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Jenkins Jenkins plugins
Jenkins / Jenkins
|
cpe:/a:cloudbees:jenkins:plugins
|
plugins |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Jenkins Jenkins plugins
Jenkins / Jenkins
|
cpe:/a:cloudbees:jenkins:plugins
|
plugins |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Jenkins Jenkins plugins
Jenkins / Jenkins
|
cpe:/a:cloudbees:jenkins:plugins
|
plugins |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Jenkins Jenkins plugins
Jenkins / Jenkins
|
cpe:/a:cloudbees:jenkins:plugins
|
plugins |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Jenkins Jenkins plugins
Jenkins / Jenkins
|
cpe:/a:cloudbees:jenkins:plugins
|
plugins |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Jenkins Jenkins plugins
Jenkins / Jenkins
|
cpe:/a:cloudbees:jenkins:plugins
|
plugins |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Jenkins Jenkins plugins
Jenkins / Jenkins
|
cpe:/a:cloudbees:jenkins:plugins
|
plugins |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Jenkins Jenkins plugins
Jenkins / Jenkins
|
cpe:/a:cloudbees:jenkins:plugins
|
plugins |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Jenkins Jenkins plugins
Jenkins / Jenkins
|
cpe:/a:cloudbees:jenkins:plugins
|
plugins |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Jenkins Jenkins plugins
Jenkins / Jenkins
|
cpe:/a:cloudbees:jenkins:plugins
|
plugins |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Jenkins Jenkins plugins
Jenkins / Jenkins
|
cpe:/a:cloudbees:jenkins:plugins
|
plugins |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Jenkins Jenkins plugins
Jenkins / Jenkins
|
cpe:/a:cloudbees:jenkins:plugins
|
plugins |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Jenkins Jenkins plugins
Jenkins / Jenkins
|
cpe:/a:cloudbees:jenkins:plugins
|
plugins |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Jenkins Jenkins plugins
Jenkins / Jenkins
|
cpe:/a:cloudbees:jenkins:plugins
|
plugins |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Jenkins Jenkins plugins
Jenkins / Jenkins
|
cpe:/a:cloudbees:jenkins:plugins
|
plugins |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Jenkins Jenkins plugins
Jenkins / Jenkins
|
cpe:/a:cloudbees:jenkins:plugins
|
plugins |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Data Protection Advisor <19.12
Dell / Data Protection Advisor
|
<19.12 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Jenkins Jenkins plugins
Jenkins / Jenkins
|
cpe:/a:cloudbees:jenkins:plugins
|
plugins |
References
7 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Jenkins ist ein erweiterbarer, webbasierter Integration Server zur kontinuierlichen Unterst\u00fctzung bei Softwareentwicklungen aller Art.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Jenkins ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Dateien zu manipulieren oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0564 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0564.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0564 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0564"
},
{
"category": "external",
"summary": "Jenkins Security Advisory 2024-03-06 vom 2024-03-06",
"url": "https://www.jenkins.io/security/advisory/2024-03-06/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3636 vom 2024-06-05",
"url": "https://access.redhat.com/errata/RHSA-2024:3636"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3635 vom 2024-06-05",
"url": "https://access.redhat.com/errata/RHSA-2024:3635"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4597 vom 2024-07-19",
"url": "https://access.redhat.com/errata/RHSA-2024:4597"
},
{
"category": "external",
"summary": "Deell Security Update",
"url": "https://www.dell.com/support/kbdoc/en-us/000281732/dsa-2025-075-security-update-for-dell-data-protection-advisor-for-multiple-component-vulnerabilities"
}
],
"source_lang": "en-US",
"title": "Jenkins: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-01-25T23:00:00.000+00:00",
"generator": {
"date": "2026-01-26T09:23:19.446+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2024-0564",
"initial_release_date": "2024-03-06T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-03-06T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-06-05T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-21T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-01-25T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Dell aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c19.12",
"product": {
"name": "Dell Data Protection Advisor \u003c19.12",
"product_id": "T050283"
}
},
{
"category": "product_version",
"name": "19.12",
"product": {
"name": "Dell Data Protection Advisor 19.12",
"product_id": "T050283-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:data_protection_advisor:19.12"
}
}
}
],
"category": "product_name",
"name": "Data Protection Advisor"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "plugins",
"product": {
"name": "Jenkins Jenkins plugins",
"product_id": "T013614",
"product_identification_helper": {
"cpe": "cpe:/a:cloudbees:jenkins:plugins"
}
}
}
],
"category": "product_name",
"name": "Jenkins"
}
],
"category": "vendor",
"name": "Jenkins"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-48795",
"product_status": {
"known_affected": [
"T050283",
"67646",
"T013614"
]
},
"release_date": "2024-03-06T23:00:00.000+00:00",
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2024-2215",
"product_status": {
"known_affected": [
"T050283",
"67646",
"T013614"
]
},
"release_date": "2024-03-06T23:00:00.000+00:00",
"title": "CVE-2024-2215"
},
{
"cve": "CVE-2024-2216",
"product_status": {
"known_affected": [
"T050283",
"67646",
"T013614"
]
},
"release_date": "2024-03-06T23:00:00.000+00:00",
"title": "CVE-2024-2216"
},
{
"cve": "CVE-2024-28149",
"product_status": {
"known_affected": [
"T050283",
"67646",
"T013614"
]
},
"release_date": "2024-03-06T23:00:00.000+00:00",
"title": "CVE-2024-28149"
},
{
"cve": "CVE-2024-28150",
"product_status": {
"known_affected": [
"T050283",
"67646",
"T013614"
]
},
"release_date": "2024-03-06T23:00:00.000+00:00",
"title": "CVE-2024-28150"
},
{
"cve": "CVE-2024-28151",
"product_status": {
"known_affected": [
"T050283",
"67646",
"T013614"
]
},
"release_date": "2024-03-06T23:00:00.000+00:00",
"title": "CVE-2024-28151"
},
{
"cve": "CVE-2024-28152",
"product_status": {
"known_affected": [
"T050283",
"67646",
"T013614"
]
},
"release_date": "2024-03-06T23:00:00.000+00:00",
"title": "CVE-2024-28152"
},
{
"cve": "CVE-2024-28153",
"product_status": {
"known_affected": [
"T050283",
"67646",
"T013614"
]
},
"release_date": "2024-03-06T23:00:00.000+00:00",
"title": "CVE-2024-28153"
},
{
"cve": "CVE-2024-28154",
"product_status": {
"known_affected": [
"T050283",
"67646",
"T013614"
]
},
"release_date": "2024-03-06T23:00:00.000+00:00",
"title": "CVE-2024-28154"
},
{
"cve": "CVE-2024-28155",
"product_status": {
"known_affected": [
"T050283",
"67646",
"T013614"
]
},
"release_date": "2024-03-06T23:00:00.000+00:00",
"title": "CVE-2024-28155"
},
{
"cve": "CVE-2024-28156",
"product_status": {
"known_affected": [
"T050283",
"67646",
"T013614"
]
},
"release_date": "2024-03-06T23:00:00.000+00:00",
"title": "CVE-2024-28156"
},
{
"cve": "CVE-2024-28157",
"product_status": {
"known_affected": [
"T050283",
"67646",
"T013614"
]
},
"release_date": "2024-03-06T23:00:00.000+00:00",
"title": "CVE-2024-28157"
},
{
"cve": "CVE-2024-28158",
"product_status": {
"known_affected": [
"T050283",
"67646",
"T013614"
]
},
"release_date": "2024-03-06T23:00:00.000+00:00",
"title": "CVE-2024-28158"
},
{
"cve": "CVE-2024-28159",
"product_status": {
"known_affected": [
"T050283",
"67646",
"T013614"
]
},
"release_date": "2024-03-06T23:00:00.000+00:00",
"title": "CVE-2024-28159"
},
{
"cve": "CVE-2024-28160",
"product_status": {
"known_affected": [
"T050283",
"67646",
"T013614"
]
},
"release_date": "2024-03-06T23:00:00.000+00:00",
"title": "CVE-2024-28160"
},
{
"cve": "CVE-2024-28161",
"product_status": {
"known_affected": [
"T050283",
"67646",
"T013614"
]
},
"release_date": "2024-03-06T23:00:00.000+00:00",
"title": "CVE-2024-28161"
},
{
"cve": "CVE-2024-28162",
"product_status": {
"known_affected": [
"T050283",
"67646",
"T013614"
]
},
"release_date": "2024-03-06T23:00:00.000+00:00",
"title": "CVE-2024-28162"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…