CVE-2023-48795
| CVE ID | CVE-2023-48795 |
|---|---|
| CVSS Score | 5.9 |
| Operating System | |
| Affected Versions | |
| Patched Versions | libssh2-1.8.0-4_ol001.el7_9.1 |
| Patch Date | |
| Last Updated Date | |
| Vector String | |

Additional Information
OL CVE Issue Summary:
By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. The vulnerable cipher modes are ChaCha20-Poly1305 and Encrypt-then-MAC (-etm MAC algorithms). libssh2 appears to be susceptible to the "Terrapin attack", in which a MitM attacker is able to tamper with the early SSH protocol exchange. libssh2 should therefore preferably include support for the "strict KEX" extension.
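
To audit a peer for the condition summarized above, the following added example (not libssh2 or Oracle code) parses an SSH_MSG_KEXINIT payload and reports whether it offers the affected modes without the strict KEX marker. The function names and the sample offer are this example's own; the algorithm identifiers are the OpenSSH names, and the check follows this page's statement of the affected modes.

```python
# RFC 4253 section 7.1: the ten name-lists carried in SSH_MSG_KEXINIT, in order.
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
SSH_MSG_KEXINIT = 20
STRICT_KEX = {"kex-strict-c-v00@openssh.com", "kex-strict-s-v00@openssh.com"}


def parse_kexinit(payload: bytes) -> dict:
    """Decode a KEXINIT payload (message type byte onward) into name-lists."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, out = 17, {}  # skip the type byte and the 16-byte cookie
    for name in FIELDS:
        n = int.from_bytes(payload[pos:pos + 4], "big")
        start, pos = pos + 4, pos + 4 + n
        if pos > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[start:pos].decode("ascii")
        out[name] = raw.split(",") if raw else []
    return out


def terrapin_exposure(lists: dict) -> dict:
    """Report the affected modes a peer offers and whether it signals strict KEX."""
    ciphers = set(lists["enc_c2s"]) | set(lists["enc_s2c"])
    macs = set(lists["mac_c2s"]) | set(lists["mac_s2c"])
    affected = sorted(c for c in ciphers if c.startswith("chacha20-poly1305"))
    affected += sorted(m for m in macs if "-etm@" in m)
    strict = bool(STRICT_KEX & set(lists["kex"]))
    return {"affected_modes": affected, "strict_kex": strict,
            "exposed": bool(affected) and not strict}


def build_kexinit(**lists) -> bytes:
    """Encode name-lists as a KEXINIT payload (used to construct sample input)."""
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for name in FIELDS:
        s = ",".join(lists.get(name, [])).encode("ascii")
        body += len(s).to_bytes(4, "big") + s
    return body + b"\x00" + (0).to_bytes(4, "big")


# Constructed sample offer (not captured traffic): affected modes, no strict KEX.
LEGACY = build_kexinit(kex=["curve25519-sha256"],
                       enc_s2c=["chacha20-poly1305@openssh.com", "aes128-ctr"],
                       mac_s2c=["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"])
```

Strict KEX only takes effect when both peers advertise it, so `exposed` describes one side's offer, not a negotiated session.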