CVE-2023-6004

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.

Published: Jan 3, 2024
Updated: May 10, 2024
CVE: CVE-2023-6004
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.8
AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

CWEs:

CWE-74

Affected Software
References

Software	From	Fixed in
libssh / libssh	0.10.0	0.10.6
libssh / libssh	0.8.0	0.9.8
redhat / enterprise_linux	8.0	8.0.x
redhat / enterprise_linux	9.0	9.0.x
fedoraproject / fedora	38	38.x

https://access.redhat.com/errata/RHSA-2024:2504
https://access.redhat.com/errata/RHSA-2024:3233
https://access.redhat.com/security/cve/CVE-2023-6004
https://bugzilla.redhat.com/show_bug.cgi?id=2251110
https://lists.fedoraproject.org/archives/list/[email protected]/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/
https://security.netapp.com/advisory/ntap-20240223-0004/
https://www.libssh.org/security/advisories/CVE-2023-6004.txt

Vulnerability Database

289,599

CVE-2023-6004