Vulnerabilities > CVE-2023-1667 - NULL Pointer Dereference vulnerability in multiple products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

NVD

Published: 2023-05-26

Updated: 2023-12-22

Summary

A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.

Vulnerable Configurations

Part	Description	Count
Application	Libssh Libssh Libssh * Libssh Libssh 0.9.1 Libssh Libssh 0.9.2 Libssh Libssh 0.9.3 Libssh Libssh 0.9.4 Libssh Libssh 0.9.6	6
OS	Fedoraproject Fedoraproject Fedora 37	1
OS	Debian Debian Debian Linux 10.0	1
OS	Redhat Redhat Enterprise Linux 8.0 Redhat Enterprise Linux 9.0	2

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://bugzilla.redhat.com/show_bug.cgi?id=2182199
http://www.libssh.org/security/advisories/CVE-2023-1667.txt
https://access.redhat.com/security/cve/CVE-2023-1667
https://lists.debian.org/debian-lts-announce/2023/05/msg00029.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27PD44ALQTZXX7K6JAM3BXBUHYA6DFFN/
https://security.gentoo.org/glsa/202312-05