Bug 2254997 (CVE-2023-6918)
| Summary: | CVE-2023-6918 libssh: Missing checks for return values for digests | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Rohit Keshri <rkeshri> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | security-response-team |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | libssh 0.9.8, libssh 0.10.6 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2255158, 2255160, 2255161, 2255157, 2255159 | ||
| Bug Blocks: | 2254995 | ||
|
Description
Rohit Keshri
2023-12-18 11:48:24 UTC
Created libssh tracking bugs for this issue: Affects: epel-all [bug 2255157] Affects: fedora-all [bug 2255159] Created libssh2 tracking bugs for this issue: Affects: epel-all [bug 2255158] Affects: fedora-all [bug 2255160] Created mingw-libssh2 tracking bugs for this issue: Affects: fedora-all [bug 2255161] This vulnerability in the libssh abstract layer for message digest operations is deemed to have a low impact due to several mitigating factors. Primarily, the absence of proper checks on return values from supported crypto backends may lead to low-memory situations, failures, NULL dereferences, crashes, or the utilization of uninitialized memory in the Key Derivation Function (KDF). While these potential consequences could disrupt the system, their likelihood is considered low, contributing to the low impact classification. The maintainers of libssh, in conjunction with Red Hat, have assigned a CVSS3.1 score of 3.7 to this vulnerability. While the score acknowledges the existence of a vulnerability, the assigned value falls within the lower range of the scale, indicating a relatively modest level of risk. Moreover, the practical exploitability of this vulnerability is characterized as theoretical and highly unlikely to yield tangible results. The difficulty in successfully exploiting the flaw adds a layer of security, further diminishing the potential impact. While acknowledging the risk of non-matching keys leading to decryption/integrity failures and connection termination, the combination of the low likelihood of exploitation and the relatively lower severity score results in an overall assessment of low impact. This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:2504 https://access.redhat.com/errata/RHSA-2024:2504 |