U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

NOTICE UPDATE

NIST has updated the NVD program announcement page with additional information regarding recent concerns and the temporary delays in enrichment efforts.

CVE-2023-48795 Detail

Description

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.


Severity



CVSS 3.x Severity and Metrics:

NIST CVSS score
NIST: NVD
Base Score:  5.9 MEDIUM
Vector:  CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N


NVD Analysts use publicly available information to associate vector strings and CVSS scores. We also display any CVSS information provided within the CVE List from the CNA.

Note: NVD Analysts have published a CVSS score for this CVE based on publicly available information at the time of analysis. The CNA has not provided a score within the CVE List.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html Third Party Advisory  VDB Entry 
http://seclists.org/fulldisclosure/2024/Mar/21
http://www.openwall.com/lists/oss-security/2023/12/18/3 Mailing List 
http://www.openwall.com/lists/oss-security/2023/12/19/5 Mailing List 
http://www.openwall.com/lists/oss-security/2023/12/20/3 Mailing List  Mitigation 
https://access.redhat.com/security/cve/cve-2023-48795 Third Party Advisory 
https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/ Press/Media Coverage 
https://bugs.gentoo.org/920280 Issue Tracking 
https://bugzilla.redhat.com/show_bug.cgi?id=2254210 Issue Tracking 
https://bugzilla.suse.com/show_bug.cgi?id=1217950 Issue Tracking 
https://crates.io/crates/thrussh/versions Release Notes 
https://filezilla-project.org/versions.php Release Notes 
https://forum.netgate.com/topic/184941/terrapin-ssh-attack Issue Tracking 
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6 Patch 
https://github.com/NixOS/nixpkgs/pull/275249 Release Notes 
https://github.com/PowerShell/Win32-OpenSSH/issues/2189 Issue Tracking 
https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta Release Notes 
https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0 Patch 
https://github.com/TeraTermProject/teraterm/releases/tag/v5.1 Release Notes 
https://github.com/advisories/GHSA-45x7-px36-x8w8 Third Party Advisory 
https://github.com/apache/mina-sshd/issues/445 Issue Tracking 
https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab Patch 
https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22 Third Party Advisory 
https://github.com/cyd01/KiTTY/issues/520 Issue Tracking 
https://github.com/drakkan/sftpgo/releases/tag/v2.5.6 Release Notes 
https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42 Patch 
https://github.com/erlang/otp/releases/tag/OTP-26.2.1 Release Notes 
https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d Patch 
https://github.com/hierynomus/sshj/issues/916 Issue Tracking 
https://github.com/janmojzis/tinyssh/issues/81 Issue Tracking 
https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5 Patch 
https://github.com/libssh2/libssh2/pull/1291 Mitigation 
https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25 Patch 
https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3 Patch 
https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15 Product 
https://github.com/mwiede/jsch/issues/457 Issue Tracking 
https://github.com/mwiede/jsch/pull/461 Release Notes 
https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16 Patch 
https://github.com/openssh/openssh-portable/commits/master Patch 
https://github.com/paramiko/paramiko/issues/2337 Issue Tracking 
https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES Release Notes 
https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES Release Notes 
https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES Release Notes 
https://github.com/proftpd/proftpd/issues/456 Issue Tracking 
https://github.com/rapier1/hpn-ssh/releases Release Notes 
https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst Release Notes 
https://github.com/ronf/asyncssh/tags Release Notes 
https://github.com/ssh-mitm/ssh-mitm/issues/165 Issue Tracking 
https://github.com/warp-tech/russh/releases/tag/v0.40.2 Release Notes 
https://gitlab.com/libssh/libssh-mirror/-/tags Release Notes 
https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ Mailing List 
https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg Mailing List 
https://help.panic.com/releasenotes/transmit5/ Release Notes 
https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/ Press/Media Coverage 
https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html Mailing List 
https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html
https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/ Vendor Advisory 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/
https://matt.ucc.asn.au/dropbear/CHANGES Release Notes 
https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC Patch 
https://news.ycombinator.com/item?id=38684904 Issue Tracking 
https://news.ycombinator.com/item?id=38685286 Issue Tracking 
https://news.ycombinator.com/item?id=38732005 Issue Tracking 
https://nova.app/releases/#v11.8 Release Notes 
https://oryx-embedded.com/download/#changelog Release Notes 
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002
https://roumenpetrov.info/secsh/#news20231220 Release Notes 
https://security-tracker.debian.org/tracker/CVE-2023-48795 Vendor Advisory 
https://security-tracker.debian.org/tracker/source-package/libssh2 Vendor Advisory 
https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg Vendor Advisory 
https://security-tracker.debian.org/tracker/source-package/trilead-ssh2 Issue Tracking 
https://security.gentoo.org/glsa/202312-16 Third Party Advisory 
https://security.gentoo.org/glsa/202312-17 Third Party Advisory 
https://security.netapp.com/advisory/ntap-20240105-0004/
https://support.apple.com/kb/HT214084
https://thorntech.com/cve-2023-48795-and-sftp-gateway/ Third Party Advisory 
https://twitter.com/TrueSkrillor/status/1736774389725565005 Press/Media Coverage 
https://ubuntu.com/security/CVE-2023-48795 Vendor Advisory 
https://winscp.net/eng/docs/history#6.2.2 Release Notes 
https://www.bitvise.com/ssh-client-version-history#933 Release Notes 
https://www.bitvise.com/ssh-server-version-history Release Notes 
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html Release Notes 
https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update Release Notes 
https://www.debian.org/security/2023/dsa-5586 Issue Tracking 
https://www.debian.org/security/2023/dsa-5588 Issue Tracking 
https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc Release Notes 
https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508 Vendor Advisory 
https://www.netsarang.com/en/xshell-update-history/ Release Notes 
https://www.openssh.com/openbsd.html Release Notes 
https://www.openssh.com/txt/release-9.6 Release Notes 
https://www.openwall.com/lists/oss-security/2023/12/18/2 Mailing List 
https://www.openwall.com/lists/oss-security/2023/12/20/3 Mailing List  Mitigation 
https://www.paramiko.org/changelog.html Release Notes 
https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/ Issue Tracking 
https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/ Press/Media Coverage 
https://www.terrapin-attack.com Exploit 
https://www.theregister.com/2023/12/20/terrapin_attack_ssh Press/Media Coverage 
https://www.vandyke.com/products/securecrt/history.txt Release Notes 

Weakness Enumeration

CWE-ID CWE Name Source
CWE-354 Improper Validation of Integrity Check Value cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

39 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2023-48795
NVD Published Date:
12/18/2023
NVD Last Modified:
03/13/2024
Source:
MITRE