CVE-2023-48795 : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH bef

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.

Published 2023-12-18 16:15:11

Updated 2025-05-23 02:24:59

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2023-48795

Freebsd » Freebsd
Versions up to, including, (<=) 12.4
cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 8.0
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 9.0
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Matching versions
Redhat » Jboss Enterprise Application Platform » Version: 7.0
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Storage » Version: 3.0
cpe:2.3:a:redhat:storage:3.0:*:*:*:*:*:*:*
Matching versions
Redhat » Ceph Storage » Version: 6.0
cpe:2.3:a:redhat:ceph_storage:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Openstack Platform » Version: 16.1
cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*
Matching versions
Redhat » Openstack Platform » Version: 16.2
cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*
Matching versions
Redhat » Openstack Platform » Version: 17.1
cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:*
Matching versions
Redhat » Keycloak » Version: N/A
cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*
Matching versions
Redhat » Openshift Container Platform » Version: 4.0
cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
Matching versions
Redhat » Single Sign-on » Version: 7.0
cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Openshift Virtualization » Version: 4
cpe:2.3:a:redhat:openshift_virtualization:4:*:*:*:*:*:*:*
Matching versions
Redhat » Discovery » Version: N/A
cpe:2.3:a:redhat:discovery:-:*:*:*:*:*:*:*
Matching versions
Redhat » Openshift Data Foundation » Version: 4.0
cpe:2.3:a:redhat:openshift_data_foundation:4.0:*:*:*:*:*:*:*
Matching versions
Redhat » Openshift Gitops » Version: N/A
cpe:2.3:a:redhat:openshift_gitops:-:*:*:*:*:*:*:*
Matching versions
Redhat » Openshift Serverless » Version: N/A
cpe:2.3:a:redhat:openshift_serverless:-:*:*:*:*:*:*:*
Matching versions
Redhat » Advanced Cluster Security » Version: 3.0
cpe:2.3:a:redhat:advanced_cluster_security:3.0:*:*:*:*:*:*:*
Matching versions
Redhat » Advanced Cluster Security » Version: 4.0
cpe:2.3:a:redhat:advanced_cluster_security:4.0:*:*:*:*:*:*:*
Matching versions
Redhat » Openshift Developer Tools And Services » Version: N/A
cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*
Matching versions
Redhat » Openshift Api For Data Protection » Version: N/A
cpe:2.3:a:redhat:openshift_api_for_data_protection:-:*:*:*:*:*:*:*
Matching versions
Redhat » Cert-manager Operator For Red Hat Openshift » Version: N/A
cpe:2.3:a:redhat:cert-manager_operator_for_red_hat_openshift:-:*:*:*:*:*:*:*
Matching versions
Redhat » Openshift Dev Spaces » Version: N/A
cpe:2.3:a:redhat:openshift_dev_spaces:-:*:*:*:*:*:*:*
Matching versions
Redhat » Openshift Pipelines » Version: N/A
cpe:2.3:a:redhat:openshift_pipelines:-:*:*:*:*:*:*:*
Matching versions
Apache » Sshd
Versions up to, including, (<=) 2.11.0
cpe:2.3:a:apache:sshd:*:*:*:*:*:*:*:*
Matching versions
Apache » Sshj
Versions up to, including, (<=) 0.37.0
cpe:2.3:a:apache:sshj:*:*:*:*:*:*:*:*
Matching versions
Apple » Macos
Versions from including (>=) 14.0 and before (<) 14.4
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Matching versions
Openbsd » Openssh
Versions before (<) 9.6
cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
Matching versions
SSH » SSH
Versions before (<) 4.9.1.5
cpe:2.3:a:ssh:ssh:*:*:*:*:*:*:*:*
Matching versions
SSH » SSH
Versions from including (>=) 4.14 and before (<) 4.15.3.1
cpe:2.3:a:ssh:ssh:*:*:*:*:*:*:*:*
Matching versions
SSH » SSH
Versions from including (>=) 5.0 and before (<) 5.1.1
cpe:2.3:a:ssh:ssh:*:*:*:*:*:*:*:*
Matching versions
SSH » SSH
Versions from including (>=) 4.10 and before (<) 4.11.1.7
cpe:2.3:a:ssh:ssh:*:*:*:*:*:*:*:*
Matching versions
SSH » SSH
Versions from including (>=) 4.12 and before (<) 4.13.2.4
cpe:2.3:a:ssh:ssh:*:*:*:*:*:*:*:*
Matching versions
Putty » Putty
Versions before (<) 0.80
cpe:2.3:a:putty:putty:*:*:*:*:*:*:*:*
Matching versions
Bitvise » Ssh Client
Versions before (<) 9.33
cpe:2.3:a:bitvise:ssh_client:*:*:*:*:*:*:*:*
Matching versions
Bitvise » Ssh Server
Versions before (<) 9.32
cpe:2.3:a:bitvise:ssh_server:*:*:*:*:*:*:*:*
Matching versions
Winscp » Winscp
Versions before (<) 6.2.2
cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*
Matching versions
Gentoo » Security » Version: N/A
cpe:2.3:a:gentoo:security:-:*:*:*:*:*:*:*
Matching versions
When used together with: Debian » Debian Linux » Version: N/A
Netsarang » Xshell 7
Versions before (<) build__0144
cpe:2.3:a:netsarang:xshell_7:*:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 38
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 39
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
Matching versions
Erlang » Erlang/otp
Versions from including (>=) 26.0 and before (<) 26.2.1
cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
Matching versions
Erlang » Erlang/otp
Versions from including (>=) 24.0 and before (<) 24.3.4.15
cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
Matching versions
Erlang » Erlang/otp
Versions before (<) 22.3.4.27
cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
Matching versions
Erlang » Erlang/otp
Versions from including (>=) 25.0 and before (<) 25.3.2.8
cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
Matching versions
Erlang » Erlang/otp
Versions from including (>=) 23.0 and before (<) 23.3.4.20
cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
Matching versions
Proftpd » Proftpd
Versions up to, including, (<=) 1.3.8b
cpe:2.3:a:proftpd:proftpd:*:*:*:*:*:*:*:*
Matching versions
Vandyke » Securecrt
Versions before (<) 9.4.3
cpe:2.3:a:vandyke:securecrt:*:*:*:*:*:*:*:*
Matching versions
Libssh » Libssh
Versions before (<) 0.10.6
cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*
Matching versions
Golang » Crypto
Versions before (<) 0.17.0
cpe:2.3:a:golang:crypto:*:*:*:*:*:*:*:*
Matching versions
Libssh2 » Libssh2
Versions before (<) 1.11.1
cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:*
Matching versions
Dropbear Ssh Project » Dropbear Ssh
Versions before (<) 2022.83
cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:*:*:*:*:*:*:*:*
Matching versions
9bis » Kitty
Versions up to, including, (<=) 0.76.1.13
cpe:2.3:a:9bis:kitty:*:*:*:*:*:*:*:*
Matching versions
Tera Term Project » Tera Term
Versions up to, including, (<=) 5.1
cpe:2.3:a:tera_term_project:tera_term:*:*:*:*:*:*:*:*
Matching versions
Crushftp » Crushftp
Versions up to, including, (<=) 10.6.0
cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*
Matching versions
Crushftp » Crushftp
Versions before (<) 10.6.0
cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*
Matching versions
Asyncssh Project » Asyncssh
Versions before (<) 2.14.2
cpe:2.3:a:asyncssh_project:asyncssh:*:*:*:*:*:*:*:*
Matching versions
Paramiko » Paramiko
Versions before (<) 3.4.0
cpe:2.3:a:paramiko:paramiko:*:*:*:*:*:*:*:*
Matching versions
Netgate » Pfsense Plus
Versions up to, including, (<=) 23.09.1
cpe:2.3:a:netgate:pfsense_plus:*:*:*:*:*:*:*:*
Matching versions
Netgate » Pfsense Ce
Versions up to, including, (<=) 2.7.2
cpe:2.3:a:netgate:pfsense_ce:*:*:*:*:*:*:*:*
Matching versions
Filezilla-project » Filezilla Client
Versions before (<) 3.66.4
cpe:2.3:a:filezilla-project:filezilla_client:*:*:*:*:*:*:*:*
Matching versions
Oryx-embedded » Cyclone Ssh
Versions before (<) 2.3.4
cpe:2.3:a:oryx-embedded:cyclone_ssh:*:*:*:*:*:*:*:*
Matching versions
Lancom-systems » Lcos Fx » Version: N/A
cpe:2.3:o:lancom-systems:lcos_fx:-:*:*:*:*:*:*:*
Matching versions
Lancom-systems » Lcos
Versions up to, including, (<=) 3.66.4
cpe:2.3:o:lancom-systems:lcos:*:*:*:*:*:*:*:*
Matching versions
Lancom-systems » Lcos Lx » Version: N/A
cpe:2.3:o:lancom-systems:lcos_lx:-:*:*:*:*:*:*:*
Matching versions
Lancom-systems » Lcos Sx » Version: 4.20
cpe:2.3:o:lancom-systems:lcos_sx:4.20:*:*:*:*:*:*:*
Matching versions
Lancom-systems » Lcos Sx » Version: 5.20
cpe:2.3:o:lancom-systems:lcos_sx:5.20:*:*:*:*:*:*:*
Matching versions
Lancom-systems » Lanconfig » Version: N/A
cpe:2.3:o:lancom-systems:lanconfig:-:*:*:*:*:*:*:*
Matching versions
Ssh2 Project » Ssh2 » For Node.js
Versions up to, including, (<=) 1.11.0
cpe:2.3:a:ssh2_project:ssh2:*:*:*:*:*:node.js:*:*
Matching versions
Sftpgo Project » Sftpgo
Versions before (<) 2.5.6
cpe:2.3:a:sftpgo_project:sftpgo:*:*:*:*:*:*:*:*
Matching versions
Russh Project » Russh » For Rust
Versions before (<) 0.40.2
cpe:2.3:a:russh_project:russh:*:*:*:*:*:rust:*:*
Matching versions
Thorntech » Sftp Gateway Firmware
Versions before (<) 3.4.6
cpe:2.3:o:thorntech:sftp_gateway_firmware:*:*:*:*:*:*:*:*
Matching versions
Panic » Transmit 5
Versions before (<) 5.10.4
cpe:2.3:a:panic:transmit_5:*:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Macos » Version: N/A
Panic » Nova
Versions before (<) 11.8
cpe:2.3:a:panic:nova:*:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Macos » Version: N/A
Roumenpetrov » Pkixssh
Versions before (<) 14.4
cpe:2.3:a:roumenpetrov:pkixssh:*:*:*:*:*:*:*:*
Matching versions
Net-ssh » Net-ssh » Version: 7.2.0 For Ruby
cpe:2.3:a:net-ssh:net-ssh:7.2.0:*:*:*:*:ruby:*:*
Matching versions
Crates » Thrussh
Versions before (<) 0.35.1
cpe:2.3:a:crates:thrussh:*:*:*:*:*:*:*:*
Matching versions
Matez » Jsch
Versions before (<) 0.2.15
cpe:2.3:a:matez:jsch:*:*:*:*:*:*:*:*
Matching versions
Jadaptive » Maverick Synergy Java Ssh Api
Versions before (<) 3.1.0-snapshot
cpe:2.3:a:jadaptive:maverick_synergy_java_ssh_api:*:*:*:*:*:*:*:*
Matching versions
Connectbot » Sshlib
Versions before (<) 2.2.22
cpe:2.3:a:connectbot:sshlib:*:*:*:*:*:*:*:*
Matching versions
Tinyssh » Tinyssh
Versions up to, including, (<=) 20230101
cpe:2.3:a:tinyssh:tinyssh:*:*:*:*:*:*:*:*
Matching versions
Trilead » Ssh2 » Version: 6401
cpe:2.3:a:trilead:ssh2:6401:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-48795

EPSS FAQ

85.24%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 99 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-48795

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.9	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N	2.2	3.6	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: None
5.9	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N	N/A	N/A	RedHat-CVE-2023-48795
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: None

CWE ids for CVE-2023-48795

CWE-354 Improper Validation of Integrity Check Value

The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2023-48795

https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/

SUSE addresses the SSH v2 protocol Terrapin Attack aka CVE-2023-48795 | SUSE Communities
Press/Media Coverage
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/

[SECURITY] Fedora 39 Update: podman-4.8.3-1.fc39 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/

[SECURITY] Fedora 39 Update: proftpd-1.3.8b-1.fc39 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory
https://github.com/libssh2/libssh2/pull/1291

src: add 'strict KEX' to fix CVE-2023-48795 "Terrapin Attack" by vszakats · Pull Request #1291 · libssh2/libssh2 · GitHub
Mitigation
https://security-tracker.debian.org/tracker/source-package/libssh2

Information on source package libssh2
Vendor Advisory
https://filezilla-project.org/versions.php

FileZilla - Version history
Release Notes

CVEs referencing this url
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6

projects/libssh.git - libssh shared repository
Patch
https://security.gentoo.org/glsa/202312-17

OpenSSH: Multiple Vulnerabilities (GLSA 202312-17) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability

CVE-2023-48795: Mitigate OpenSSH Vulnerability - vsociety
Exploit;Third Party Advisory
https://github.com/mwiede/jsch/pull/461

0.2.15 changes by norrisjeremy · Pull Request #461 · mwiede/jsch · GitHub
Release Notes
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/

[SECURITY] Fedora 39 Update: putty-0.80-1.fc39 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory
https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15

Comparing jsch-0.2.14...jsch-0.2.15 · mwiede/jsch · GitHub
Product
https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d

ssh: implement strict KEX protocol changes · golang/crypto@9d2ee97 · GitHub
Patch
https://github.com/advisories/GHSA-45x7-px36-x8w8

Russh vulnerable to Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC · CVE-2023-48795 · GitHub Advisory Database · GitHub
Third Party Advisory
https://github.com/janmojzis/tinyssh/issues/81

CVE-2023-48795 / Terrapin Attack · Issue #81 · janmojzis/tinyssh · GitHub
Issue Tracking
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/

[SECURITY] Fedora 38 Update: podman-4.8.3-1.fc38 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory
https://github.com/erlang/otp/releases/tag/OTP-26.2.1

Release OTP 26.2.1 · erlang/otp · GitHub
Release Notes
https://github.com/cyd01/KiTTY/issues/520

Terrapin vulnerability mitigation · Issue #520 · cyd01/KiTTY · GitHub
Issue Tracking
https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit

Exploit;Third Party Advisory
https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25

dropbear/CHANGES at 17657c36cce6df7716d5ff151ec09a665382d5dd · mkj/dropbear · GitHub
Patch
https://www.bitvise.com/ssh-server-version-history

Bitvise SSH Server Version History | Bitvise
Release Notes
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/

[SECURITY] Fedora 38 Update: libssh-0.10.6-2.fc38 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory
https://security.gentoo.org/glsa/202312-16

libssh: Multiple Vulnerabilities (GLSA 202312-16) — Gentoo security
Third Party Advisory
https://www.paramiko.org/changelog.html

Changelog — Paramiko documentation
Release Notes

CVEs referencing this url
https://news.ycombinator.com/item?id=38685286

Vulnerability in golang.org/x/crypto/ssh | Hacker News
Issue Tracking
https://github.com/paramiko/paramiko/issues/2337

"Terrapin" MitM attack / CVE-2023-48795 · Issue #2337 · paramiko/paramiko · GitHub
Issue Tracking
http://www.openwall.com/lists/oss-security/2023/12/18/3

oss-security - CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)
Mailing List
https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab

Implement kex-strict from OpenSSH · connectbot/sshlib@5c8b534 · GitHub
Patch
https://access.redhat.com/security/cve/cve-2023-48795

CVE-2023-48795- Red Hat Customer Portal
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/

[SECURITY] Fedora 39 Update: golang-x-mod-0.14.0-1.fc39 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory
https://help.panic.com/releasenotes/transmit5/

Transmit 5 Release Notes
Release Notes
https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg

Information on source package proftpd-dfsg
Vendor Advisory
https://www.terrapin-attack.com

Terrapin Attack
Exploit

CVEs referencing this url
https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508

Allgemeine Sicherheitshinweise: LANCOM Systems GmbH
Vendor Advisory
http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html

Terrapin SSH Connection Weakening ≈ Packet Storm
Third Party Advisory;VDB Entry

CVEs referencing this url
https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC

pijul/thrussh - Change D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC
Patch
https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc

Release Notes
https://bugs.gentoo.org/920280

920280 – (CVE-2023-46445, CVE-2023-46446, CVE-2023-48795) net-misc/openssh, net-libs/libssh, net-misc/dropbear: terrapin vulnerability
Issue Tracking
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/

[SECURITY] Fedora 38 Update: prometheus-podman-exporter-1.7.0-1.fc38 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory
https://matt.ucc.asn.au/dropbear/CHANGES

Release Notes

CVEs referencing this url
https://github.com/NixOS/nixpkgs/pull/275249

openssh: 9.5p1 -> 9.6p1 by SuperSandro2000 · Pull Request #275249 · NixOS/nixpkgs · GitHub
Release Notes
https://www.openssh.com/openbsd.html

OpenSSH: for OpenBSD
Release Notes
https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16

net-ssh/CHANGES.txt at 2e65064a52d73396bfc3806c9196fc8108f33cd8 · net-ssh/net-ssh · GitHub
Patch
https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/

Important Java SSH Security Update: New SSH Vulnerability Discovered – CVE-2023-48795 | JADAPTIVE
Press/Media Coverage
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/

[SECURITY] Fedora 39 Update: podman-tui-0.15.0-1.fc39 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory
https://nova.app/releases/#v11.8

Version History | Nova
Release Notes
https://crates.io/crates/thrussh/versions

crates.io: Rust Package Registry
Release Notes
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html

PuTTY Change Log
Release Notes

CVEs referencing this url
https://github.com/mwiede/jsch/issues/457

Is jsch affected by the Terrapin attack? · Issue #457 · mwiede/jsch · GitHub
Issue Tracking
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/

[SECURITY] Fedora 38 Update: proftpd-1.3.8b-1.fc38 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory
https://gitlab.com/libssh/libssh-mirror/-/tags

Tags · libssh project / libssh-mirror · GitLab
Release Notes
https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES

proftpd/RELEASE_NOTES at 0a7ea9b0ba9fcdf368374a226370d08f10397d99 · proftpd/proftpd · GitHub
Release Notes
https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/

SSH protects the world’s most sensitive networks. It just got a lot weaker | Ars Technica
Press/Media Coverage
https://bugzilla.redhat.com/show_bug.cgi?id=2254210

2254210 – (CVE-2023-48795) CVE-2023-48795 ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
Issue Tracking
https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES

proftpd/RELEASE_NOTES at master · proftpd/proftpd · GitHub
Release Notes

CVEs referencing this url
https://oryx-embedded.com/download/#changelog

Download Source Code | TCP/IP SSL/TLS SSH STP ACME CRYPTO
Release Notes
https://www.vandyke.com/products/securecrt/history.txt

Release Notes

CVEs referencing this url
https://news.ycombinator.com/item?id=38684904

Terrapin Attack for prefix truncation in SSH | Hacker News
Issue Tracking
https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html

[SECURITY] [DLA 3794-1] putty security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42

otp/lib/ssh/doc/src/notes.xml at d1b43dc0f1361d2ad67601169e90a7fc50bb0369 · erlang/otp · GitHub
Patch
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/

[SECURITY] Fedora 38 Update: podman-tui-0.15.0-1.fc38 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory
https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5

Added test for the Terrapin vulnerability (CVE-2023-48795) (#227). · jtesta/ssh-audit@8e972c5 · GitHub
Patch
https://github.com/warp-tech/russh/releases/tag/v0.40.2

Release v0.40.2 · warp-tech/russh · GitHub
Release Notes
https://bugzilla.suse.com/show_bug.cgi?id=1217950

1217950 – (CVE-2023-48795) VUL-0: CVE-2023-48795: openssh: prefix truncation breaking ssh channel integrity aka Terrapin Attack
Issue Tracking
https://news.ycombinator.com/item?id=38732005

Terrapin-Attack Style Vulnerability Likely Exploited for 2 Years!! I wanted to s... | Hacker News
Issue Tracking
https://www.openwall.com/lists/oss-security/2023/12/20/3

oss-security - Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)
Mailing List;Mitigation
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/

[SECURITY] Fedora 38 Update: putty-0.80-1.fc38 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory
https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst

asyncssh/docs/changes.rst at develop · ronf/asyncssh · GitHub
Release Notes

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html

[SECURITY] [DLA 3719-1] phpseclib security update
Mailing List;Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/

[SECURITY] Fedora 38 Update: golang-x-crypto-0.18.0-1.fc38 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory
https://security-tracker.debian.org/tracker/source-package/trilead-ssh2

Information on source package trilead-ssh2
Issue Tracking
https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta

Release v9.5.0.0p1-Beta · PowerShell/Win32-OpenSSH · GitHub
Release Notes
https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES

proftpd/RELEASE_NOTES at d21e7a2e47e9b38f709bec58e3fa711f759ad0e1 · proftpd/proftpd · GitHub
Release Notes
https://github.com/rapier1/hpn-ssh/releases

Releases · rapier1/hpn-ssh
Release Notes
https://ubuntu.com/security/CVE-2023-48795

CVE-2023-48795 | Ubuntu
Vendor Advisory
https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3

lib: add strict key exchange mode support · mscdex/ssh2@97b223f · GitHub
Patch
http://seclists.org/fulldisclosure/2024/Mar/21

Full Disclosure: APPLE-SA-03-07-2024-2 macOS Sonoma 14.4
Mailing List;Third Party Advisory

CVEs referencing this url
https://www.theregister.com/2023/12/20/terrapin_attack_ssh

SSH shaken, not stirred by Terrapin downgrade vulnerability • The Register
Press/Media Coverage
https://winscp.net/eng/docs/history#6.2.2

Recent Version History :: WinSCP
Release Notes
https://github.com/TeraTermProject/teraterm/releases/tag/v5.1

Release Tera Term 5.1 · TeraTermProject/teraterm · GitHub
Release Notes
https://roumenpetrov.info/secsh/#news20231220

Roumen Petrov - secure shell(ssh) page
Release Notes
http://www.openwall.com/lists/oss-security/2024/04/17/8

oss-security - Terrapin vulnerability in Jenkins CLI client
Mailing List
https://support.apple.com/kb/HT214084

About the security content of macOS Sonoma 14.4 - Apple Support
Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/

[SECURITY] Fedora 38 Update: python-paramiko-3.4.0-1.fc38 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory
https://github.com/apache/mina-sshd/issues/445

Terrapin Mitigation: "strict-kex" · Issue #445 · apache/mina-sshd · GitHub
Issue Tracking

CVEs referencing this url
https://twitter.com/TrueSkrillor/status/1736774389725565005

Fabian Bäumer on X: "[1/7] We found an flaw in the SSH specification which allows a MitM attacker to drop certain messages from the secured connection. If you are using SSH, check this out: https://t.
Press/Media Coverage
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/

[SECURITY] Fedora 39 Update: prometheus-podman-exporter-1.7.0-1.fc39 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory
https://forum.netgate.com/topic/184941/terrapin-ssh-attack

Terrapin SSH Attack | Netgate Forum
Issue Tracking
https://github.com/proftpd/proftpd/issues/456

Support the chacha20-poly1305@openssh.com SSH cipher · Issue #456 · proftpd/proftpd · GitHub
Issue Tracking
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/

[SECURITY] Fedora 39 Update: python-asyncssh-2.14.2-1.fc39 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory
https://github.com/hierynomus/sshj/issues/916

Terrapin Vulnerability CVE-2023-48795 · Issue #916 · hierynomus/sshj · GitHub
Issue Tracking
http://www.openwall.com/lists/oss-security/2023/12/19/5

oss-security - Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)
Mailing List
https://www.openwall.com/lists/oss-security/2023/12/18/2

oss-security - Announce: OpenSSH 9.6 released
Mailing List

CVEs referencing this url
https://github.com/openssh/openssh-portable/commits/master

Commits · openssh/openssh-portable · GitHub
Patch
https://www.bitvise.com/ssh-client-version-history#933

Bitvise SSH Client Version History | Bitvise
Release Notes
https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ

golang.org/x/crypto/ssh fix pre-announcement
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/

[SECURITY] Fedora 39 Update: libssh-0.10.6-1.fc39 - package-announce - Fedora Mailing-Lists
Vendor Advisory
https://www.debian.org/security/2023/dsa-5588

Debian -- Security Information -- DSA-5588-1 putty
Issue Tracking

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/

[SECURITY] Fedora 38 Update: golang-x-mod-0.14.0-1.fc38 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory
https://www.debian.org/security/2023/dsa-5586

Debian -- Security Information -- DSA-5586-1 openssh
Issue Tracking

CVEs referencing this url
https://security-tracker.debian.org/tracker/CVE-2023-48795

CVE-2023-48795
Vendor Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002

Security Advisory
Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/03/06/3

oss-security - Multiple vulnerabilities in Jenkins plugins
Mailing List

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html

[SECURITY] [DLA 3694-1] openssh security update
Mailing List

CVEs referencing this url
https://github.com/ronf/asyncssh/tags

Tags · ronf/asyncssh · GitHub
Release Notes
https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update

Crush10wiki: Update
Release Notes

CVEs referencing this url
https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22

Comparing 2.2.21...2.2.22 · connectbot/sshlib · GitHub
Third Party Advisory
https://www.openssh.com/txt/release-9.6

Release Notes

CVEs referencing this url
https://www.netsarang.com/en/xshell-update-history/

Xshell Update History - NetSarang Website
Release Notes

CVEs referencing this url
https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/

CVE-2023-48795 why is this cve still undisclosed : r/sysadmin
Issue Tracking
https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0

Strict KEX 対応 (CVE-2023-48795) · TeraTermProject/teraterm@7279fbd · GitHub
Patch
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/

[SECURITY] Fedora 39 Update: golang-x-crypto-0.18.0-1.fc39 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory
https://github.com/ssh-mitm/ssh-mitm/issues/165

Terrapin Attack vs. SSH-MITM: Comparing Packet Handling · Issue #165 · ssh-mitm/ssh-mitm · GitHub
Issue Tracking
https://github.com/drakkan/sftpgo/releases/tag/v2.5.6

Release v2.5.6 · drakkan/sftpgo · GitHub
Release Notes
https://security.netapp.com/advisory/ntap-20240105-0004/

CVE-2023-48795 SSH Protocol Vulnerability in NetApp Products | NetApp Product Security
Third Party Advisory
https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg

[security] Vulnerability in golang.org/x/crypto/ssh
Mailing List
https://github.com/PowerShell/Win32-OpenSSH/issues/2189

Clarify exposure to CVE-2023-48795 (Terrapin) · Issue #2189 · PowerShell/Win32-OpenSSH · GitHub
Issue Tracking
https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html

[SECURITY] [DLA 3718-1] php-phpseclib security update
Mailing List;Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/12/20/3

oss-security - Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)
Mailing List;Mitigation
https://thorntech.com/cve-2023-48795-and-sftp-gateway/

CVE-2023-48795 and SFTP Gateway - Thorn Technologies
Third Party Advisory

Jump to

Vulnerability Details : CVE-2023-48795

Products affected by CVE-2023-48795

Exploit prediction scoring system (EPSS) score for CVE-2023-48795

CVSS scores for CVE-2023-48795

CWE ids for CVE-2023-48795

References for CVE-2023-48795