CVE-2023-6004

Published: 03/01/2024 Updated: 23/02/2024
CVSS v3 Base Score: 4.8 | Impact Score: 3.4 | Exploitability Score: 1.3
VMScore: 0

Vulnerability Summary

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow a malicious user to inject malicious code into the command run by these features through the hostname parameter.

Vulnerable Product

libssh libssh

redhat enterprise linux 8.0

redhat enterprise linux 9.0

fedoraproject fedora 38

Vendor Advisories

Debian Bug report logs - #1059061 libssh: CVE-2023-6004
Package: src:libssh; Maintainer for src:libssh is Laurent Bigonville <bigon@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 19 Dec 2023 21:39:04 UTC
Severity: important
Tags: security, upstream
Found in version libssh/0105-3 ...
Description: This CVE is under investigation by Red Hat Product Security ...

Mailing Lists

oss-sec mailing list archives: CVE-2023-51385, CVE-2023-6004: OpenSSH, libssh: Security weakness in ProxyCommand handling ...