A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc,` which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible.` The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls `goto error` returning SSH_OK.
Published 2023-05-26 18:15:14
Updated 2024-02-01 17:15:08
Source Red Hat, Inc.
View at NVD,   CVE.org
Vulnerability category: BypassGain privilege

Threat overview for CVE-2023-2283

Top countries where our scanners detected CVE-2023-2283
Top open port discovered on systems with this issue 53
IPs affected by CVE-2023-2283 4,042
Threat actors abusing to this issue? Yes
Find out if you* are affected by CVE-2023-2283!
*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2023-2283

0.18%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 55 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-2283

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
6.5
MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
3.9
2.5
NIST
6.5
MEDIUM AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
N/A
N/A
Oracle:CPUOct2023

CWE ids for CVE-2023-2283

  • When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
    Assigned by:
    • nvd@nist.gov (Primary)
    • secalert@redhat.com (Secondary)

References for CVE-2023-2283

Products affected by CVE-2023-2283

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!