Bug 2254997 (CVE-2023-6918) - CVE-2023-6918 libssh: Missing checks for return values for digests
Summary: CVE-2023-6918 libssh: Missing checks for return values for digests
Keywords:
Status: NEW
Alias: CVE-2023-6918
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Product Security
Depends On: 2255158 2255160 2255161 2255157 2255159
Blocks: 2254995
Reported: 2023-12-18 11:48 UTC by Rohit Keshri
Modified: 2024-01-03 07:46 UTC

Fixed In Version: libssh 0.9.8, libssh 0.10.6
Doc Text:
A flaw was found in libssh's abstract layer for message digest (MD) operations, which are implemented by different supported crypto backends. The return values from these were not properly checked, which could cause, in low-memory situations, failures, NULL dereferences, crashes, or usage of uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.
Description Rohit Keshri 2023-12-18 11:48:24 UTC
libssh implements an abstract layer for message digest (MD) operations, implemented by different supported crypto backends.

The return values from these were not properly checked, which could cause, in low-memory situations, failures, NULL dereferences, crashes or, at worst, usage of uninitialized memory as an input for the KDF.

In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.
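
An added C illustration of the bug class described above, not libssh's own code: a hypothetical digest layer (`md_init`, `md_update`, `md_final` and the `fail_alloc` switch are invented for this example) shows how ignored return values let stale buffer contents stand in for a derived key, next to a version that checks each step and reports the failure.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define DIGEST_LEN 32
/* Hypothetical digest layer, not libssh's API. fail_alloc simulates a
 * backend that cannot allocate its context under memory pressure. */
static int fail_alloc = 0;
typedef struct { uint8_t state[DIGEST_LEN]; } md_ctx;

static md_ctx *md_init(void) { return fail_alloc ? NULL : calloc(1, sizeof(md_ctx)); }
static int md_update(md_ctx *c, const uint8_t *p, size_t n) {
    if (c == NULL) return -1;
    for (size_t i = 0; i < n; i++)             /* toy mixing, NOT a real hash */
        c->state[i % DIGEST_LEN] = (uint8_t)(c->state[i % DIGEST_LEN] * 31 + p[i]);
    return 0;
}
static int md_final(md_ctx *c, uint8_t *out) { /* consumes the context */
    if (c == NULL) return -1;
    memcpy(out, c->state, DIGEST_LEN);
    free(c);
    return 0;
}

/* Before: results ignored; on failure `key` keeps whatever it held, yet
 * the function still reports success. */
static int derive_unchecked(const uint8_t *s, size_t n, uint8_t *key) {
    md_ctx *c = md_init();
    md_update(c, s, n);
    md_final(c, key);
    return 0;
}

/* After: every step is checked, so the caller gets an error to abort on. */
static int derive_checked(const uint8_t *s, size_t n, uint8_t *key) {
    md_ctx *c = md_init();
    if (c == NULL) return -1;
    if (md_update(c, s, n) != 0) { free(c); return -1; }
    return md_final(c, key);
}

/* Returns -1 if the failure was reported, 1 if success was reported but the
 * key is still the stale bytes, 0 if a key was actually derived. */
int kex_outcome(int checked, int backend_fails) {
    uint8_t key[DIGEST_LEN], stale[DIGEST_LEN];
    const uint8_t *s = (const uint8_t *)"secret";
    memset(key, 0xAA, sizeof key);     /* constructed stand-in for stale memory */
    memset(stale, 0xAA, sizeof stale);
    fail_alloc = backend_fails;
    int rc = checked ? derive_checked(s, 6, key) : derive_unchecked(s, 6, key);
    fail_alloc = 0;
    return rc != 0 ? -1 : memcmp(key, stale, sizeof key) == 0;
}
```

In the unchecked path each peer would continue with whatever bytes its own buffer held, which is why the page describes the visible effect as non-matching keys and a terminated connection.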

Comment 3 Anten Skrabec 2023-12-18 22:58:15 UTC
Created libssh tracking bugs for this issue:

Affects: epel-all [bug 2255157]
Affects: fedora-all [bug 2255159]


Created libssh2 tracking bugs for this issue:

Affects: epel-all [bug 2255158]
Affects: fedora-all [bug 2255160]


Created mingw-libssh2 tracking bugs for this issue:

Affects: fedora-all [bug 2255161]

Comment 4 Sandipan Roy 2024-01-03 07:46:21 UTC
This vulnerability in the libssh abstract layer for message digest operations is deemed to have a low impact due to several mitigating factors. Primarily, the absence of proper checks on return values from supported crypto backends may lead to low-memory situations, failures, NULL dereferences, crashes, or the utilization of uninitialized memory in the Key Derivation Function (KDF). While these potential consequences could disrupt the system, their likelihood is considered low, contributing to the low impact classification.

The maintainers of libssh, in conjunction with Red Hat, have assigned a CVSS3.1 score of 3.7 to this vulnerability. While the score acknowledges the existence of a vulnerability, the assigned value falls within the lower range of the scale, indicating a relatively modest level of risk.

Moreover, the practical exploitability of this vulnerability is characterized as theoretical and highly unlikely to yield tangible results. The difficulty in successfully exploiting the flaw adds a layer of security, further diminishing the potential impact. While acknowledging the risk of non-matching keys leading to decryption/integrity failures and connection termination, the combination of the low likelihood of exploitation and the relatively lower severity score results in an overall assessment of low impact.

