{
  "threat_severity" : "Low",
  "public_date" : "2023-12-18T00:00:00Z",
  "bugzilla" : {
    "description" : "libssh: Missing checks for return values for digests",
    "id" : "2254997",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2254997"
  },
  "cvss3" : {
    "cvss3_base_score" : "3.7",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-252",
  "details" : [ "A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.", "A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection." ],
  "statement" : "This vulnerability in the libssh abstract layer for message digest operations is deemed to have a low impact due to several mitigating factors. Primarily, the absence of proper checks on return values from supported crypto backends may lead to low-memory situations, failures, NULL dereferences, crashes, or the utilization of uninitialized memory in the Key Derivation Function (KDF). While these potential consequences could disrupt the system, their likelihood is considered low, contributing to the low impact classification.\nThe maintainers of libssh, in conjunction with Red Hat, have assigned a CVSS3.1 score of 3.7 to this vulnerability. While the score acknowledges the existence of a vulnerability, the assigned value falls within the lower range of the scale, indicating a relatively modest level of risk.\nMoreover, the practical exploitability of this vulnerability is characterized as theoretical and highly unlikely to yield tangible results. The difficulty in successfully exploiting the flaw adds a layer of security, further diminishing the potential impact. While acknowledging the risk of non-matching keys leading to decryption/integrity failures and connection termination, the combination of the low likelihood of exploitation and the relatively lower severity score results in an overall assessment of low impact.",
  "acknowledgement" : "Red Hat would like to thank Jack Weinstein (<mike.code.bb.h@gmail.com>) for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-05-22T00:00:00Z",
    "advisory" : "RHSA-2024:3233",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "libssh-0:0.9.6-14.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-05-22T00:00:00Z",
    "advisory" : "RHSA-2024:3233",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "libssh-0:0.9.6-14.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2504",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "libssh-0:0.10.4-13.el9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2504",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "libssh-0:0.10.4-13.el9"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "libssh2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "libssh",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "libssh2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-6918\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6918\nhttps://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/\nhttps://www.libssh.org/security/advisories/CVE-2023-6918.txt" ],
  "name" : "CVE-2023-6918",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}