← Back

CVE-2023-6004

nvd nist
Published: Jan 3, 2024Modified: Nov 4, 2025

JSON object

Loading...
4.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Exploitability: 1.3 / Impact: 3.4
Source: NVD

Description

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.

Affected (5)

Libssh
1 product
Libssh
Fedoraproject
1 product
Fedora
Redhat
1 product
Enterprise Linux
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Libssh
Libssh
From 0.10.0 to 0.10.6
Libssh
From 0.8.0 to 0.9.8
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Fedora
Version 38
Redhat
Enterprise Linux
Version 8.0
Enterprise Linux
Version 9.0

Related CWEs

CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

References (13)

Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Vendor Advisory
Source: secalert@redhat.com
Issue Tracking
Source: secalert@redhat.com
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List

Timeline

No history available yet.