Libssh
CVE-2023-6004
MEDIUM
Severity by source
AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Lifecycle Timeline
2DescriptionCVE.org
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.
AnalysisAI
A flaw was found in libssh. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-74. A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter. Affected products include: Libssh, Fedoraproject Fedora, Redhat Enterprise Linux.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remot
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. Rated critical severity
libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL. Rated medium severity (CVSS
Multiple integer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (infinite loop or
Multiple buffer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (crash) or possibly
Cryptographic key derivation failure in libssh versions prior to 0.11.2 (when built against OpenSSL older than 3.0) can
A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. Rated high severi
CVE-2025-5318 is an out-of-bounds read vulnerability in libssh versions before 0.11.2 caused by an incorrect comparison
A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library.
The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not proper
Double free vulnerability in the sftp_mkdir function in sftp.c in libssh before 0.5.3 allows remote attackers to cause a
Multiple double free vulnerabilities in the (1) agent_sign_data function in agent.c, (2) channel_request function in cha
Same technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today