CVE-2023-48795

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html	Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2024/Mar/21	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/12/18/3	Mailing List
http://www.openwall.com/lists/oss-security/2023/12/19/5	Mailing List
http://www.openwall.com/lists/oss-security/2023/12/20/3	Mailing List Mitigation
http://www.openwall.com/lists/oss-security/2024/03/06/3	Mailing List
http://www.openwall.com/lists/oss-security/2024/04/17/8	Mailing List
https://access.redhat.com/security/cve/cve-2023-48795	Third Party Advisory
https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/	Press/Media Coverage
https://bugs.gentoo.org/920280	Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=2254210	Issue Tracking
https://bugzilla.suse.com/show_bug.cgi?id=1217950	Issue Tracking
https://crates.io/crates/thrussh/versions	Release Notes
https://filezilla-project.org/versions.php	Release Notes
https://forum.netgate.com/topic/184941/terrapin-ssh-attack	Issue Tracking
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6	Patch
https://github.com/NixOS/nixpkgs/pull/275249	Release Notes
https://github.com/PowerShell/Win32-OpenSSH/issues/2189	Issue Tracking
https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta	Release Notes
https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0	Patch
https://github.com/TeraTermProject/teraterm/releases/tag/v5.1	Release Notes
https://github.com/advisories/GHSA-45x7-px36-x8w8	Third Party Advisory
https://github.com/apache/mina-sshd/issues/445	Issue Tracking
https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab	Patch
https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22	Third Party Advisory
https://github.com/cyd01/KiTTY/issues/520	Issue Tracking
https://github.com/drakkan/sftpgo/releases/tag/v2.5.6	Release Notes
https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42	Patch
https://github.com/erlang/otp/releases/tag/OTP-26.2.1	Release Notes
https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d	Patch
https://github.com/hierynomus/sshj/issues/916	Issue Tracking
https://github.com/janmojzis/tinyssh/issues/81	Issue Tracking
https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5	Patch
https://github.com/libssh2/libssh2/pull/1291	Mitigation
https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25	Patch
https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3	Patch
https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15	Product
https://github.com/mwiede/jsch/issues/457	Issue Tracking
https://github.com/mwiede/jsch/pull/461	Release Notes
https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16	Patch
https://github.com/openssh/openssh-portable/commits/master	Patch
https://github.com/paramiko/paramiko/issues/2337	Issue Tracking
https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES	Release Notes
https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES	Release Notes
https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES	Release Notes
https://github.com/proftpd/proftpd/issues/456	Issue Tracking
https://github.com/rapier1/hpn-ssh/releases	Release Notes
https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst	Release Notes
https://github.com/ronf/asyncssh/tags	Release Notes
https://github.com/ssh-mitm/ssh-mitm/issues/165	Issue Tracking
https://github.com/warp-tech/russh/releases/tag/v0.40.2	Release Notes
https://gitlab.com/libssh/libssh-mirror/-/tags	Release Notes
https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ	Mailing List
https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg	Mailing List
https://help.panic.com/releasenotes/transmit5/	Release Notes
https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/	Press/Media Coverage
https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html	Mailing List
https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/	Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/	Mailing List Third Party Advisory
https://matt.ucc.asn.au/dropbear/CHANGES	Release Notes
https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC	Patch
https://news.ycombinator.com/item?id=38684904	Issue Tracking
https://news.ycombinator.com/item?id=38685286	Issue Tracking
https://news.ycombinator.com/item?id=38732005	Issue Tracking
https://nova.app/releases/#v11.8	Release Notes
https://oryx-embedded.com/download/#changelog	Release Notes
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002	Third Party Advisory
https://roumenpetrov.info/secsh/#news20231220	Release Notes
https://security-tracker.debian.org/tracker/CVE-2023-48795	Vendor Advisory
https://security-tracker.debian.org/tracker/source-package/libssh2	Vendor Advisory
https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg	Vendor Advisory
https://security-tracker.debian.org/tracker/source-package/trilead-ssh2	Issue Tracking
https://security.gentoo.org/glsa/202312-16	Third Party Advisory
https://security.gentoo.org/glsa/202312-17	Third Party Advisory
https://security.netapp.com/advisory/ntap-20240105-0004/	Third Party Advisory
https://support.apple.com/kb/HT214084	Third Party Advisory
https://thorntech.com/cve-2023-48795-and-sftp-gateway/	Third Party Advisory
https://twitter.com/TrueSkrillor/status/1736774389725565005	Press/Media Coverage
https://ubuntu.com/security/CVE-2023-48795	Vendor Advisory
https://winscp.net/eng/docs/history#6.2.2	Release Notes
https://www.bitvise.com/ssh-client-version-history#933	Release Notes
https://www.bitvise.com/ssh-server-version-history	Release Notes
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html	Release Notes
https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update	Release Notes
https://www.debian.org/security/2023/dsa-5586	Issue Tracking
https://www.debian.org/security/2023/dsa-5588	Issue Tracking
https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc	Release Notes
https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508	Vendor Advisory
https://www.netsarang.com/en/xshell-update-history/	Release Notes
https://www.openssh.com/openbsd.html	Release Notes
https://www.openssh.com/txt/release-9.6	Release Notes
https://www.openwall.com/lists/oss-security/2023/12/18/2	Mailing List
https://www.openwall.com/lists/oss-security/2023/12/20/3	Mailing List Mitigation
https://www.paramiko.org/changelog.html	Release Notes
https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/	Issue Tracking
https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/	Press/Media Coverage
https://www.terrapin-attack.com	Exploit
https://www.theregister.com/2023/12/20/terrapin_attack_ssh	Press/Media Coverage
https://www.vandyke.com/products/securecrt/history.txt	Release Notes
http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html	Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2024/Mar/21	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/12/18/3	Mailing List
http://www.openwall.com/lists/oss-security/2023/12/19/5	Mailing List
http://www.openwall.com/lists/oss-security/2023/12/20/3	Mailing List Mitigation
http://www.openwall.com/lists/oss-security/2024/03/06/3	Mailing List
http://www.openwall.com/lists/oss-security/2024/04/17/8	Mailing List
https://access.redhat.com/security/cve/cve-2023-48795	Third Party Advisory
https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/	Press/Media Coverage
https://bugs.gentoo.org/920280	Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=2254210	Issue Tracking
https://bugzilla.suse.com/show_bug.cgi?id=1217950	Issue Tracking
https://crates.io/crates/thrussh/versions	Release Notes
https://filezilla-project.org/versions.php	Release Notes
https://forum.netgate.com/topic/184941/terrapin-ssh-attack	Issue Tracking
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6	Patch
https://github.com/NixOS/nixpkgs/pull/275249	Release Notes
https://github.com/PowerShell/Win32-OpenSSH/issues/2189	Issue Tracking
https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta	Release Notes
https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0	Patch
https://github.com/TeraTermProject/teraterm/releases/tag/v5.1	Release Notes
https://github.com/advisories/GHSA-45x7-px36-x8w8	Third Party Advisory
https://github.com/apache/mina-sshd/issues/445	Issue Tracking
https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab	Patch
https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22	Third Party Advisory
https://github.com/cyd01/KiTTY/issues/520	Issue Tracking
https://github.com/drakkan/sftpgo/releases/tag/v2.5.6	Release Notes
https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42	Patch
https://github.com/erlang/otp/releases/tag/OTP-26.2.1	Release Notes
https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d	Patch
https://github.com/hierynomus/sshj/issues/916	Issue Tracking
https://github.com/janmojzis/tinyssh/issues/81	Issue Tracking
https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5	Patch
https://github.com/libssh2/libssh2/pull/1291	Mitigation
https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25	Patch
https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3	Patch
https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15	Product
https://github.com/mwiede/jsch/issues/457	Issue Tracking
https://github.com/mwiede/jsch/pull/461	Release Notes
https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16	Patch
https://github.com/openssh/openssh-portable/commits/master	Patch
https://github.com/paramiko/paramiko/issues/2337	Issue Tracking
https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES	Release Notes
https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES	Release Notes
https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES	Release Notes
https://github.com/proftpd/proftpd/issues/456	Issue Tracking
https://github.com/rapier1/hpn-ssh/releases	Release Notes
https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst	Release Notes
https://github.com/ronf/asyncssh/tags	Release Notes
https://github.com/ssh-mitm/ssh-mitm/issues/165	Issue Tracking
https://github.com/warp-tech/russh/releases/tag/v0.40.2	Release Notes
https://gitlab.com/libssh/libssh-mirror/-/tags	Release Notes
https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ	Mailing List
https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg	Mailing List
https://help.panic.com/releasenotes/transmit5/	Release Notes
https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/	Press/Media Coverage
https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html	Mailing List
https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/	Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/	Mailing List Third Party Advisory
https://matt.ucc.asn.au/dropbear/CHANGES	Release Notes
https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC	Patch
https://news.ycombinator.com/item?id=38684904	Issue Tracking
https://news.ycombinator.com/item?id=38685286	Issue Tracking
https://news.ycombinator.com/item?id=38732005	Issue Tracking
https://nova.app/releases/#v11.8	Release Notes
https://oryx-embedded.com/download/#changelog	Release Notes
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002	Third Party Advisory
https://roumenpetrov.info/secsh/#news20231220	Release Notes
https://security-tracker.debian.org/tracker/CVE-2023-48795	Vendor Advisory
https://security-tracker.debian.org/tracker/source-package/libssh2	Vendor Advisory
https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg	Vendor Advisory
https://security-tracker.debian.org/tracker/source-package/trilead-ssh2	Issue Tracking
https://security.gentoo.org/glsa/202312-16	Third Party Advisory
https://security.gentoo.org/glsa/202312-17	Third Party Advisory
https://security.netapp.com/advisory/ntap-20240105-0004/	Third Party Advisory
https://support.apple.com/kb/HT214084	Third Party Advisory
https://thorntech.com/cve-2023-48795-and-sftp-gateway/	Third Party Advisory
https://twitter.com/TrueSkrillor/status/1736774389725565005	Press/Media Coverage
https://ubuntu.com/security/CVE-2023-48795	Vendor Advisory
https://winscp.net/eng/docs/history#6.2.2	Release Notes
https://www.bitvise.com/ssh-client-version-history#933	Release Notes
https://www.bitvise.com/ssh-server-version-history	Release Notes
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html	Release Notes
https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update	Release Notes
https://www.debian.org/security/2023/dsa-5586	Issue Tracking
https://www.debian.org/security/2023/dsa-5588	Issue Tracking
https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc	Release Notes
https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508	Vendor Advisory
https://www.netsarang.com/en/xshell-update-history/	Release Notes
https://www.openssh.com/openbsd.html	Release Notes
https://www.openssh.com/txt/release-9.6	Release Notes
https://www.openwall.com/lists/oss-security/2023/12/18/2	Mailing List
https://www.openwall.com/lists/oss-security/2023/12/20/3	Mailing List Mitigation
https://www.paramiko.org/changelog.html	Release Notes
https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/	Issue Tracking
https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/	Press/Media Coverage
https://www.terrapin-attack.com	Exploit
https://www.theregister.com/2023/12/20/terrapin_attack_ssh	Press/Media Coverage
https://www.vandyke.com/products/securecrt/history.txt	Release Notes
https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit
https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability

Configurations

Configuration 1 (hide)

cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:putty:putty:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:filezilla-project:filezilla_client:*:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

cpe:2.3:a:panic:transmit_5:*:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

cpe:2.3:a:panic:nova:*:*:*:*:*:*:*:*

Configuration 7 (hide)

cpe:2.3:a:roumenpetrov:pkixssh:*:*:*:*:*:*:*:*

Configuration 8 (hide)

cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*

Configuration 9 (hide)

cpe:2.3:a:bitvise:ssh_client:*:*:*:*:*:*:*:*

Configuration 10 (hide)

cpe:2.3:a:bitvise:ssh_server:*:*:*:*:*:*:*:*

Configuration 11 (hide)

cpe:2.3:o:lancom-systems:lcos:*:*:*:*:*:*:*:*

Configuration 12 (hide)

cpe:2.3:o:lancom-systems:lcos_fx:-:*:*:*:*:*:*:*

Configuration 13 (hide)

cpe:2.3:o:lancom-systems:lcos_lx:-:*:*:*:*:*:*:*

Configuration 14 (hide)

OR	cpe:2.3:o:lancom-systems:lcos_sx:4.20:::::::*
	cpe:2.3:o:lancom-systems:lcos_sx:5.20:::::::*

Configuration 15 (hide)

cpe:2.3:o:lancom-systems:lanconfig:-:*:*:*:*:*:*:*

Configuration 16 (hide)

cpe:2.3:a:vandyke:securecrt:*:*:*:*:*:*:*:*

Configuration 17 (hide)

cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*

Configuration 18 (hide)

cpe:2.3:a:net-ssh:net-ssh:7.2.0:*:*:*:*:ruby:*:*

Configuration 19 (hide)

cpe:2.3:a:ssh2_project:ssh2:*:*:*:*:*:node.js:*:*

Configuration 20 (hide)

cpe:2.3:a:proftpd:proftpd:*:*:*:*:*:*:*:*

Configuration 21 (hide)

cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*

Configuration 22 (hide)

cpe:2.3:a:crates:thrussh:*:*:*:*:*:*:*:*

Configuration 23 (hide)

cpe:2.3:a:tera_term_project:tera_term:*:*:*:*:*:*:*:*

Configuration 24 (hide)

cpe:2.3:a:oryx-embedded:cyclone_ssh:*:*:*:*:*:*:*:*

Configuration 25 (hide)

cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*

Configuration 26 (hide)

cpe:2.3:a:netsarang:xshell_7:*:*:*:*:*:*:*:*

Configuration 27 (hide)

cpe:2.3:a:paramiko:paramiko:*:*:*:*:*:*:*:*

Configuration 28 (hide)

cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*

Configuration 29 (hide)

OR	cpe:2.3:a:redhat:openstack_platform:16.1:::::::*
	cpe:2.3:a:redhat:openstack_platform:16.2:::::::*
	cpe:2.3:a:redhat:openstack_platform:17.1:::::::*

Configuration 30 (hide)

cpe:2.3:a:redhat:ceph_storage:6.0:*:*:*:*:*:*:*

Configuration 31 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

Configuration 32 (hide)

cpe:2.3:a:redhat:openshift_serverless:-:*:*:*:*:*:*:*

Configuration 33 (hide)

cpe:2.3:a:redhat:openshift_gitops:-:*:*:*:*:*:*:*

Configuration 34 (hide)

cpe:2.3:a:redhat:openshift_pipelines:-:*:*:*:*:*:*:*

Configuration 35 (hide)

cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*

Configuration 36 (hide)

cpe:2.3:a:redhat:openshift_data_foundation:4.0:*:*:*:*:*:*:*

Configuration 37 (hide)

cpe:2.3:a:redhat:openshift_api_for_data_protection:-:*:*:*:*:*:*:*

Configuration 38 (hide)

cpe:2.3:a:redhat:openshift_virtualization:4:*:*:*:*:*:*:*

Configuration 39 (hide)

cpe:2.3:a:redhat:storage:3.0:*:*:*:*:*:*:*

Configuration 40 (hide)

cpe:2.3:a:redhat:discovery:-:*:*:*:*:*:*:*

Configuration 41 (hide)

cpe:2.3:a:redhat:openshift_dev_spaces:-:*:*:*:*:*:*:*

Configuration 42 (hide)

cpe:2.3:a:redhat:cert-manager_operator_for_red_hat_openshift:-:*:*:*:*:*:*:*

Configuration 43 (hide)

cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*

Configuration 44 (hide)

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*

Configuration 45 (hide)

cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*

Configuration 46 (hide)

OR	cpe:2.3:a:redhat:advanced_cluster_security:3.0:::::::*
	cpe:2.3:a:redhat:advanced_cluster_security:4.0:::::::*

Configuration 47 (hide)

cpe:2.3:a:golang:crypto:*:*:*:*:*:*:*:*

Configuration 48 (hide)

cpe:2.3:a:russh_project:russh:*:*:*:*:*:rust:*:*

Configuration 49 (hide)

cpe:2.3:a:sftpgo_project:sftpgo:*:*:*:*:*:*:*:*

Configuration 50 (hide)

cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*

Configuration 51 (hide)

cpe:2.3:a:matez:jsch:*:*:*:*:*:*:*:*

Configuration 52 (hide)

cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:*

Configuration 53 (hide)

cpe:2.3:a:asyncssh_project:asyncssh:*:*:*:*:*:*:*:*

Configuration 54 (hide)

cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:*:*:*:*:*:*:*:*

Configuration 55 (hide)

cpe:2.3:a:jadaptive:maverick_synergy_java_ssh_api:*:*:*:*:*:*:*:*

Configuration 56 (hide)

cpe:2.3:a:ssh:ssh:*:*:*:*:*:*:*:*

Configuration 57 (hide)

cpe:2.3:o:thorntech:sftp_gateway_firmware:*:*:*:*:*:*:*:*

Configuration 58 (hide)

cpe:2.3:a:netgate:pfsense_plus:*:*:*:*:*:*:*:*

Configuration 59 (hide)

cpe:2.3:a:netgate:pfsense_ce:*:*:*:*:*:*:*:*

Configuration 60 (hide)

cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*

Configuration 61 (hide)

cpe:2.3:a:connectbot:sshlib:*:*:*:*:*:*:*:*

Configuration 62 (hide)

cpe:2.3:a:apache:sshd:*:*:*:*:*:*:*:*

Configuration 63 (hide)

cpe:2.3:a:apache:sshj:*:*:*:*:*:*:*:*

Configuration 64 (hide)

cpe:2.3:a:tinyssh:tinyssh:*:*:*:*:*:*:*:*

Configuration 65 (hide)

cpe:2.3:a:trilead:ssh2:6401:*:*:*:*:*:*:*

Configuration 66 (hide)

cpe:2.3:a:9bis:kitty:*:*:*:*:*:*:*:*

Configuration 67 (hide)

AND

cpe:2.3:a:gentoo:security:-:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:*

Configuration 68 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:38:::::::*
	cpe:2.3:o:fedoraproject:fedora:39:::::::*

Configuration 69 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 70 (hide)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

History

14 May 2025, 20:15

Type	Values Removed	Values Added
References		() https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit - () https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability -

02 Dec 2024, 14:54

Type	Values Removed	Values Added
References	~~() http://www.openwall.com/lists/oss-security/2024/03/06/3 -~~	() http://www.openwall.com/lists/oss-security/2024/03/06/3 - Mailing List
References	~~() http://www.openwall.com/lists/oss-security/2024/04/17/8 -~~	() http://www.openwall.com/lists/oss-security/2024/04/17/8 - Mailing List

21 Nov 2024, 08:32

01 May 2024, 18:15

Type	Values Removed	Values Added
References		() http://www.openwall.com/lists/oss-security/2024/03/06/3 - () http://www.openwall.com/lists/oss-security/2024/04/17/8 -

29 Apr 2024, 18:41

25 Apr 2024, 22:15

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html -

13 Mar 2024, 21:15

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2024/Mar/21 -

07 Mar 2024, 19:15

Type	Values Removed	Values Added
References		() https://support.apple.com/kb/HT214084 -

29 Jan 2024, 09:15

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html - () https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/ - () https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002 -

11 Jan 2024, 04:15

Type	Values Removed	Values Added
References		() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/ -

11 Jan 2024, 03:15

Type	Values Removed	Values Added
References		() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/ -

10 Jan 2024, 03:15

Type	Values Removed	Values Added
References		() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/ -

09 Jan 2024, 03:15

Type	Values Removed	Values Added
References		() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/ -

05 Jan 2024, 18:15

Type	Values Removed	Values Added
References		() https://security.netapp.com/advisory/ntap-20240105-0004/ -

30 Dec 2023, 03:15

Type	Values Removed	Values Added
References		() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/ -

29 Dec 2023, 03:15

Type	Values Removed	Values Added
References		() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/ -

28 Dec 2023, 18:26

28 Dec 2023, 03:15

Type	Values Removed	Values Added
References		() https://security.gentoo.org/glsa/202312-16 - () https://security.gentoo.org/glsa/202312-17 -

26 Dec 2023, 04:15

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html -

24 Dec 2023, 21:15

Type	Values Removed	Values Added
References		() https://github.com/ssh-mitm/ssh-mitm/issues/165 - () https://news.ycombinator.com/item?id=38732005 -

24 Dec 2023, 18:15

Type	Values Removed	Values Added
References		() https://www.debian.org/security/2023/dsa-5588 -

24 Dec 2023, 17:15

Type	Values Removed	Values Added
Summary	(en) The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.	(en) The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.

22 Dec 2023, 15:15

Type	Values Removed	Values Added
References		() https://filezilla-project.org/versions.php - () https://github.com/PowerShell/Win32-OpenSSH/issues/2189 - () https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta - () https://github.com/cyd01/KiTTY/issues/520 - () https://help.panic.com/releasenotes/transmit5/ - () https://nova.app/releases/#v11.8 - () https://roumenpetrov.info/secsh/#news20231220 - () https://winscp.net/eng/docs/history#6.2.2 - () https://www.bitvise.com/ssh-client-version-history#933 - () https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508 - () https://www.theregister.com/2023/12/20/terrapin_attack_ssh - () https://www.vandyke.com/products/securecrt/history.txt -
Summary	(en) The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31.	(en) The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.

22 Dec 2023, 13:15

Type	Values Removed	Values Added
References		() https://www.debian.org/security/2023/dsa-5586 -

22 Dec 2023, 04:15

Type	Values Removed	Values Added
References		() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/ -

21 Dec 2023, 14:15

Type	Values Removed	Values Added
References		() http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html -

20 Dec 2023, 23:15

Type	Values Removed	Values Added
Summary	(en) The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31.	(en) The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31.
References		() https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16 - () https://security-tracker.debian.org/tracker/source-package/trilead-ssh2 - () https://www.openwall.com/lists/oss-security/2023/12/20/3 -

20 Dec 2023, 21:15

Type	Values Removed	Values Added
References		() https://github.com/apache/mina-sshd/issues/445 - () https://github.com/hierynomus/sshj/issues/916 - () https://github.com/janmojzis/tinyssh/issues/81 - () https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES - () https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES -
Summary	(en) The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD 1.3.9rc1, ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31.	(en) The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31.

20 Dec 2023, 12:15

Type	Values Removed	Values Added
References		() http://www.openwall.com/lists/oss-security/2023/12/20/3 -

20 Dec 2023, 07:15

Type	Values Removed	Values Added
References		() https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/ -

20 Dec 2023, 02:15

Type	Values Removed	Values Added
References		() https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc -

20 Dec 2023, 01:15

Type	Values Removed	Values Added
References		() http://www.openwall.com/lists/oss-security/2023/12/19/5 -

19 Dec 2023, 19:15

Type	Values Removed	Values Added
References		() https://crates.io/crates/thrussh/versions - () https://github.com/NixOS/nixpkgs/pull/275249 - () https://github.com/TeraTermProject/teraterm/releases/tag/v5.1 - () https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab - () https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22 - () https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3 - () https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15 - () https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES - () https://github.com/proftpd/proftpd/issues/456 - () https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC - () https://oryx-embedded.com/download/#changelog - () https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update - () https://www.netsarang.com/en/xshell-update-history/ - () https://www.paramiko.org/changelog.html -
Summary		(es) El protocolo de transporte SSH con ciertas extensiones OpenSSH, que se encuentra en OpenSSH anterior a 9.6 y otros productos, permite a atacantes remotos eludir las comprobaciones de integridad de modo que algunos paquetes se omiten (del mensaje de negociación de extensión) y, en consecuencia, un cliente y un servidor pueden terminar con una conexión para la cual algunas características de seguridad han sido degradadas o deshabilitadas, también conocido como un ataque Terrapin. Esto ocurre porque SSH Binary Packet Protocol (BPP), implementado por estas extensiones, maneja mal la fase de protocolo de enlace y el uso de números de secuencia. Por ejemplo, existe un ataque eficaz contra ChaCha20-Poly1305 (y CBC con Encrypt-then-MAC). La omisión se produce en chacha20-poly1305@openssh.com y (si se utiliza CBC) en los algoritmos MAC -etm@openssh.com. Esto también afecta a Maverick Synergy Java SSH API anterior a 3.1.0-SNAPSHOT, Dropbear hasta 2022.83, Ssh anterior a 5.1.1 en Erlang/OTP, PuTTY anterior a 0.80 y AsyncSSH anterior a 2.14.2; y podría haber efectos en Bitvise SSH hasta la versión 9.31, libssh hasta la 0.10.5 y golang.org/x/crypto hasta el 17 de diciembre de 2023.
Summary	(en) The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, and libssh2 through 1.11.0; and there could be effects on Bitvise SSH through 9.31.	(en) The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD 1.3.9rc1, ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31.

19 Dec 2023, 05:15

Type	Values Removed	Values Added
References		() https://forum.netgate.com/topic/184941/terrapin-ssh-attack - () https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5 - () https://github.com/rapier1/hpn-ssh/releases -
Summary	(en) The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, and libssh before 0.10.6; and there could be effects on Bitvise SSH through 9.31.	(en) The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, and libssh2 through 1.11.0; and there could be effects on Bitvise SSH through 9.31.

19 Dec 2023, 00:15

Type	Values Removed	Values Added
References		() https://github.com/libssh2/libssh2/pull/1291 -

18 Dec 2023, 21:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/security/cve/cve-2023-48795 - () https://bugs.gentoo.org/920280 - () https://bugzilla.redhat.com/show_bug.cgi?id=2254210 - () https://bugzilla.suse.com/show_bug.cgi?id=1217950 - () https://github.com/advisories/GHSA-45x7-px36-x8w8 - () https://github.com/drakkan/sftpgo/releases/tag/v2.5.6 - () https://github.com/erlang/otp/releases/tag/OTP-26.2.1 - () https://github.com/mwiede/jsch/pull/461 - () https://security-tracker.debian.org/tracker/CVE-2023-48795 - () https://security-tracker.debian.org/tracker/source-package/libssh2 - () https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg - () https://ubuntu.com/security/CVE-2023-48795 - () https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/ -

18 Dec 2023, 19:15

Type	Values Removed	Values Added
Summary	(en) The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, and golang.org/x/crypto before 0.17.0; and there could be effects on Bitvise SSH through 9.31 and libssh through 0.10.5.	(en) The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, and libssh before 0.10.6; and there could be effects on Bitvise SSH through 9.31.
References		() https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6 - () https://github.com/mwiede/jsch/issues/457 -

18 Dec 2023, 18:15

Type	Values Removed	Values Added
References		() http://www.openwall.com/lists/oss-security/2023/12/18/3 - () https://github.com/paramiko/paramiko/issues/2337 - () https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg - () https://news.ycombinator.com/item?id=38684904 - () https://news.ycombinator.com/item?id=38685286 -
Summary	(en) The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, and AsyncSSH before 2.14.2; and there could be effects on Bitvise SSH through 9.31, libssh through 0.10.5, and golang.org/x/crypto through 2023-12-17.	(en) The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, and golang.org/x/crypto before 0.17.0; and there could be effects on Bitvise SSH through 9.31 and libssh through 0.10.5.

18 Dec 2023, 17:15

Type	Values Removed	Values Added
References		() https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0 - () https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d - () https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst - () https://github.com/warp-tech/russh/releases/tag/v0.40.2 - () https://thorntech.com/cve-2023-48795-and-sftp-gateway/ - () https://twitter.com/TrueSkrillor/status/1736774389725565005 - () https://www.openwall.com/lists/oss-security/2023/12/18/2 -
Summary	(en) The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, and PuTTY before 0.80; and there could be effects on Bitvise SSH through 9.31, AsyncSSH through 2.14.1, libssh through 0.10.5, and golang.org/x/crypto through 2023-12-17.	(en) The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, and AsyncSSH before 2.14.2; and there could be effects on Bitvise SSH through 9.31, libssh through 0.10.5, and golang.org/x/crypto through 2023-12-17.

18 Dec 2023, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-18 16:15

Updated : 2025-05-14 20:15

NVD link : CVE-2023-48795

Mitre link : CVE-2023-48795

CVE.ORG link : CVE-2023-48795

JSON object : View

Products Affected

paramiko

paramiko

asyncssh_project

asyncssh

jadaptive

maverick_synergy_java_ssh_api

microsoft

powershell

redhat

openshift_container_platform
openshift_pipelines
single_sign-on
discovery
jboss_enterprise_application_platform
keycloak
openstack_platform
openshift_serverless
openshift_api_for_data_protection
openshift_gitops
openshift_dev_spaces
advanced_cluster_security
cert-manager_operator_for_red_hat_openshift
openshift_data_foundation
enterprise_linux
openshift_virtualization
storage
openshift_developer_tools_and_services
ceph_storage

bitvise

ssh_server
ssh_client

libssh

libssh

debian

debian_linux

apple

macos

oryx-embedded

cyclone_ssh

ssh2_project

ssh2

russh_project

russh

connectbot

sshlib

filezilla-project

filezilla_client

net-ssh

net-ssh

golang

crypto

panic

nova
transmit_5

freebsd

freebsd

roumenpetrov

pkixssh

dropbear_ssh_project

dropbear_ssh

ssh

openbsd

openssh

libssh2

libssh2

lancom-systems

lcos_sx
lcos_fx
lcos_lx
lanconfig
lcos

erlang

erlang\/otp

netgate

pfsense_ce
pfsense_plus

apache

sshj
sshd

gentoo

security

putty

putty

9bis

kitty

tera_term_project

tera_term

crates

thrussh

vandyke

securecrt

proftpd

proftpd

crushftp

crushftp

sftpgo_project

sftpgo

matez

jsch

tinyssh

tinyssh

netsarang

xshell_7

thorntech

sftp_gateway_firmware

trilead

ssh2

fedoraproject

fedora

winscp

winscp

CWE

CWE-354

Improper Validation of Integrity Check Value

5.9 /10