Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 03/04/2024 Updated: 03/04/2024

An issue exists in the Amazon Linux packages of OpenSSH 7.4 for Amazon Linux 1 and 2, because of an incomplete fix for CVE-2019-6111 within these specific packages. The fix had only covered cases where an absolute path is passed to scp. When a relative path is used, there is no verification that the name of a file received by the client matches the file requested. Fixed packages are available with numbers 7.4p1-22.78.amzn1 and 7.4p1-22.amzn2.0.2.

An issue was discovered in OpenSSH 74 on Amazon Linux 2 and Amazon Linux 1 The fix for CVE-2019-6111 only covered cases where an absolute path is passed to scp When a relative path is used there is no verification that the name of a file received by the client matches the file requested (CVE-2023-35812) ...

https://alas.aws.amazon.com/cve/html/CVE-2023-35812.html https://nvd.nist.gov https://alas.aws.amazon.com/AL2/ALAS-2023-2202.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-35812

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect