| No Vulnerabilities found |
|---|
| No Misconfigurations found |
|---|
| golang.org/x/crypto |
CVE-2023-48795 |
MEDIUM |
v0.14.0 |
0.17.0 |
http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
http://seclists.org/fulldisclosure/2024/Mar/21
http://www.openwall.com/lists/oss-security/2023/12/18/3
http://www.openwall.com/lists/oss-security/2023/12/19/5
http://www.openwall.com/lists/oss-security/2023/12/20/3
http://www.openwall.com/lists/oss-security/2024/03/06/3
http://www.openwall.com/lists/oss-security/2024/04/17/8
https://access.redhat.com/errata/RHSA-2024:1150
https://access.redhat.com/security/cve/CVE-2023-48795
https://access.redhat.com/security/cve/cve-2023-48795
https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack
https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/
https://bugs.gentoo.org/920280
https://bugzilla.redhat.com/2254210
https://bugzilla.redhat.com/show_bug.cgi?id=2254210
https://bugzilla.suse.com/show_bug.cgi?id=1217950
https://crates.io/crates/thrussh/versions
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795
https://errata.almalinux.org/9/ALSA-2024-1150.html
https://errata.rockylinux.org/RLSA-2024:0628
https://filezilla-project.org/versions.php
https://forum.netgate.com/topic/184941/terrapin-ssh-attack
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6
https://github.com/NixOS/nixpkgs/pull/275249
https://github.com/PowerShell/Win32-OpenSSH/issues/2189
https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta
https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0
https://github.com/TeraTermProject/teraterm/releases/tag/v5.1
https://github.com/advisories/GHSA-45x7-px36-x8w8
https://github.com/apache/mina-sshd/issues/445
https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab
https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22
https://github.com/cyd01/KiTTY/issues/520
https://github.com/drakkan/sftpgo/releases/tag/v2.5.6
https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42
https://github.com/erlang/otp/releases/tag/OTP-26.2.1
https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d
https://github.com/hierynomus/sshj/issues/916
https://github.com/janmojzis/tinyssh/issues/81
https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5
https://github.com/libssh2/libssh2/pull/1291
https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25
https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3
https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15
https://github.com/mwiede/jsch/issues/457
https://github.com/mwiede/jsch/pull/461
https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16
https://github.com/openssh/openssh-portable/commits/master
https://github.com/paramiko/paramiko/issues/2337
https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773
https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES
https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES
https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES
https://github.com/proftpd/proftpd/issues/456
https://github.com/rapier1/hpn-ssh/releases
https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55
https://github.com/ronf/asyncssh/tags
https://github.com/ssh-mitm/ssh-mitm/issues/165
https://github.com/warp-tech/russh
https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951
https://github.com/warp-tech/russh/releases/tag/v0.40.2
https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8
https://gitlab.com/libssh/libssh-mirror/-/tags
https://go.dev/cl/550715
https://go.dev/issue/64784
https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ
https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg
https://help.panic.com/releasenotes/transmit5
https://help.panic.com/releasenotes/transmit5/
https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795
https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/
https://linux.oracle.com/cve/CVE-2023-48795.html
https://linux.oracle.com/errata/ELSA-2024-12233.html
https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html
https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html
https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/
https://matt.ucc.asn.au/dropbear/CHANGES
https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC
https://news.ycombinator.com/item?id=38684904
https://news.ycombinator.com/item?id=38685286
https://news.ycombinator.com/item?id=38732005
https://nova.app/releases/#v11.8
https://nvd.nist.gov/vuln/detail/CVE-2023-48795
https://oryx-embedded.com/download/#changelog
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002
https://roumenpetrov.info/secsh/#news20231220
https://security-tracker.debian.org/tracker/CVE-2023-48795
https://security-tracker.debian.org/tracker/source-package/libssh2
https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg
https://security-tracker.debian.org/tracker/source-package/trilead-ssh2
https://security.gentoo.org/glsa/202312-16
https://security.gentoo.org/glsa/202312-17
https://security.netapp.com/advisory/ntap-20240105-0004
https://security.netapp.com/advisory/ntap-20240105-0004/
https://support.apple.com/kb/HT214084
https://terrapin-attack.com/
https://thorntech.com/cve-2023-48795-and-sftp-gateway
https://thorntech.com/cve-2023-48795-and-sftp-gateway/
https://twitter.com/TrueSkrillor/status/1736774389725565005
https://ubuntu.com/security/CVE-2023-48795
https://ubuntu.com/security/notices/USN-6560-1
https://ubuntu.com/security/notices/USN-6560-2
https://ubuntu.com/security/notices/USN-6561-1
https://ubuntu.com/security/notices/USN-6585-1
https://ubuntu.com/security/notices/USN-6589-1
https://ubuntu.com/security/notices/USN-6598-1
https://ubuntu.com/security/notices/USN-6738-1
https://winscp.net/eng/docs/history#6.2.2
https://www.bitvise.com/ssh-client-version-history#933
https://www.bitvise.com/ssh-server-version-history
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update
https://www.cve.org/CVERecord?id=CVE-2023-48795
https://www.debian.org/security/2023/dsa-5586
https://www.debian.org/security/2023/dsa-5588
https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc
https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508
https://www.netsarang.com/en/xshell-update-history
https://www.netsarang.com/en/xshell-update-history/
https://www.openssh.com/openbsd.html
https://www.openssh.com/txt/release-9.6
https://www.openwall.com/lists/oss-security/2023/12/18/2
https://www.openwall.com/lists/oss-security/2023/12/18/3
https://www.openwall.com/lists/oss-security/2023/12/20/3
https://www.paramiko.org/changelog.html
https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed
https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/
https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795
https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/
https://www.terrapin-attack.com
https://www.theregister.com/2023/12/20/terrapin_attack_ssh
https://www.vandyke.com/products/securecrt/history.txt
|
| No Misconfigurations found |
|---|
| golang.org/x/net |
CVE-2023-45288 |
MEDIUM |
v0.22.0 |
0.23.0 |
http://www.openwall.com/lists/oss-security/2024/04/03/16
http://www.openwall.com/lists/oss-security/2024/04/05/4
https://access.redhat.com/errata/RHSA-2024:2724
https://access.redhat.com/security/cve/CVE-2023-45288
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2724.html
https://go.dev/cl/576155
https://go.dev/issue/65051
https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M
https://linux.oracle.com/cve/CVE-2023-45288.html
https://linux.oracle.com/errata/ELSA-2024-2724.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/
https://nowotarski.info/http2-continuation-flood-technical-details
https://nowotarski.info/http2-continuation-flood/
https://nvd.nist.gov/vuln/detail/CVE-2023-45288
https://pkg.go.dev/vuln/GO-2024-2687
https://security.netapp.com/advisory/ntap-20240419-0009
https://security.netapp.com/advisory/ntap-20240419-0009/
https://www.cve.org/CVERecord?id=CVE-2023-45288
https://www.kb.cert.org/vuls/id/421644
|
| No Misconfigurations found |
|---|
| golang.org/x/crypto |
CVE-2023-48795 |
MEDIUM |
v0.14.0 |
0.17.0 |
http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
http://seclists.org/fulldisclosure/2024/Mar/21
http://www.openwall.com/lists/oss-security/2023/12/18/3
http://www.openwall.com/lists/oss-security/2023/12/19/5
http://www.openwall.com/lists/oss-security/2023/12/20/3
http://www.openwall.com/lists/oss-security/2024/03/06/3
http://www.openwall.com/lists/oss-security/2024/04/17/8
https://access.redhat.com/errata/RHSA-2024:1150
https://access.redhat.com/security/cve/CVE-2023-48795
https://access.redhat.com/security/cve/cve-2023-48795
https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack
https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/
https://bugs.gentoo.org/920280
https://bugzilla.redhat.com/2254210
https://bugzilla.redhat.com/show_bug.cgi?id=2254210
https://bugzilla.suse.com/show_bug.cgi?id=1217950
https://crates.io/crates/thrussh/versions
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795
https://errata.almalinux.org/9/ALSA-2024-1150.html
https://errata.rockylinux.org/RLSA-2024:0628
https://filezilla-project.org/versions.php
https://forum.netgate.com/topic/184941/terrapin-ssh-attack
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6
https://github.com/NixOS/nixpkgs/pull/275249
https://github.com/PowerShell/Win32-OpenSSH/issues/2189
https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta
https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0
https://github.com/TeraTermProject/teraterm/releases/tag/v5.1
https://github.com/advisories/GHSA-45x7-px36-x8w8
https://github.com/apache/mina-sshd/issues/445
https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab
https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22
https://github.com/cyd01/KiTTY/issues/520
https://github.com/drakkan/sftpgo/releases/tag/v2.5.6
https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42
https://github.com/erlang/otp/releases/tag/OTP-26.2.1
https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d
https://github.com/hierynomus/sshj/issues/916
https://github.com/janmojzis/tinyssh/issues/81
https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5
https://github.com/libssh2/libssh2/pull/1291
https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25
https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3
https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15
https://github.com/mwiede/jsch/issues/457
https://github.com/mwiede/jsch/pull/461
https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16
https://github.com/openssh/openssh-portable/commits/master
https://github.com/paramiko/paramiko/issues/2337
https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773
https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES
https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES
https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES
https://github.com/proftpd/proftpd/issues/456
https://github.com/rapier1/hpn-ssh/releases
https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55
https://github.com/ronf/asyncssh/tags
https://github.com/ssh-mitm/ssh-mitm/issues/165
https://github.com/warp-tech/russh
https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951
https://github.com/warp-tech/russh/releases/tag/v0.40.2
https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8
https://gitlab.com/libssh/libssh-mirror/-/tags
https://go.dev/cl/550715
https://go.dev/issue/64784
https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ
https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg
https://help.panic.com/releasenotes/transmit5
https://help.panic.com/releasenotes/transmit5/
https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795
https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/
https://linux.oracle.com/cve/CVE-2023-48795.html
https://linux.oracle.com/errata/ELSA-2024-12233.html
https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html
https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html
https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/
https://matt.ucc.asn.au/dropbear/CHANGES
https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC
https://news.ycombinator.com/item?id=38684904
https://news.ycombinator.com/item?id=38685286
https://news.ycombinator.com/item?id=38732005
https://nova.app/releases/#v11.8
https://nvd.nist.gov/vuln/detail/CVE-2023-48795
https://oryx-embedded.com/download/#changelog
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002
https://roumenpetrov.info/secsh/#news20231220
https://security-tracker.debian.org/tracker/CVE-2023-48795
https://security-tracker.debian.org/tracker/source-package/libssh2
https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg
https://security-tracker.debian.org/tracker/source-package/trilead-ssh2
https://security.gentoo.org/glsa/202312-16
https://security.gentoo.org/glsa/202312-17
https://security.netapp.com/advisory/ntap-20240105-0004
https://security.netapp.com/advisory/ntap-20240105-0004/
https://support.apple.com/kb/HT214084
https://terrapin-attack.com/
https://thorntech.com/cve-2023-48795-and-sftp-gateway
https://thorntech.com/cve-2023-48795-and-sftp-gateway/
https://twitter.com/TrueSkrillor/status/1736774389725565005
https://ubuntu.com/security/CVE-2023-48795
https://ubuntu.com/security/notices/USN-6560-1
https://ubuntu.com/security/notices/USN-6560-2
https://ubuntu.com/security/notices/USN-6561-1
https://ubuntu.com/security/notices/USN-6585-1
https://ubuntu.com/security/notices/USN-6589-1
https://ubuntu.com/security/notices/USN-6598-1
https://ubuntu.com/security/notices/USN-6738-1
https://winscp.net/eng/docs/history#6.2.2
https://www.bitvise.com/ssh-client-version-history#933
https://www.bitvise.com/ssh-server-version-history
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update
https://www.cve.org/CVERecord?id=CVE-2023-48795
https://www.debian.org/security/2023/dsa-5586
https://www.debian.org/security/2023/dsa-5588
https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc
https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508
https://www.netsarang.com/en/xshell-update-history
https://www.netsarang.com/en/xshell-update-history/
https://www.openssh.com/openbsd.html
https://www.openssh.com/txt/release-9.6
https://www.openwall.com/lists/oss-security/2023/12/18/2
https://www.openwall.com/lists/oss-security/2023/12/18/3
https://www.openwall.com/lists/oss-security/2023/12/20/3
https://www.paramiko.org/changelog.html
https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed
https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/
https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795
https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/
https://www.terrapin-attack.com
https://www.theregister.com/2023/12/20/terrapin_attack_ssh
https://www.vandyke.com/products/securecrt/history.txt
|
| stdlib |
CVE-2023-45288 |
HIGH |
1.20.12 |
1.21.9, 1.22.2 |
http://www.openwall.com/lists/oss-security/2024/04/03/16
http://www.openwall.com/lists/oss-security/2024/04/05/4
https://access.redhat.com/errata/RHSA-2024:2724
https://access.redhat.com/security/cve/CVE-2023-45288
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2724.html
https://go.dev/cl/576155
https://go.dev/issue/65051
https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M
https://linux.oracle.com/cve/CVE-2023-45288.html
https://linux.oracle.com/errata/ELSA-2024-2724.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/
https://nowotarski.info/http2-continuation-flood-technical-details
https://nowotarski.info/http2-continuation-flood/
https://nvd.nist.gov/vuln/detail/CVE-2023-45288
https://pkg.go.dev/vuln/GO-2024-2687
https://security.netapp.com/advisory/ntap-20240419-0009
https://security.netapp.com/advisory/ntap-20240419-0009/
https://www.cve.org/CVERecord?id=CVE-2023-45288
https://www.kb.cert.org/vuls/id/421644
|
| stdlib |
CVE-2023-45289 |
MEDIUM |
1.20.12 |
1.21.8, 1.22.1 |
http://www.openwall.com/lists/oss-security/2024/03/08/4
https://access.redhat.com/errata/RHSA-2024:2724
https://access.redhat.com/security/cve/CVE-2023-45289
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2724.html
https://go.dev/cl/569340
https://go.dev/issue/65065
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://linux.oracle.com/cve/CVE-2023-45289.html
https://linux.oracle.com/errata/ELSA-2024-2724.html
https://nvd.nist.gov/vuln/detail/CVE-2023-45289
https://pkg.go.dev/vuln/GO-2024-2600
https://security.netapp.com/advisory/ntap-20240329-0006/
https://www.cve.org/CVERecord?id=CVE-2023-45289
|
| stdlib |
CVE-2023-45290 |
MEDIUM |
1.20.12 |
1.21.8, 1.22.1 |
http://www.openwall.com/lists/oss-security/2024/03/08/4
https://access.redhat.com/errata/RHSA-2024:2724
https://access.redhat.com/security/cve/CVE-2023-45290
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2724.html
https://go.dev/cl/569341
https://go.dev/issue/65383
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://linux.oracle.com/cve/CVE-2023-45290.html
https://linux.oracle.com/errata/ELSA-2024-2724.html
https://nvd.nist.gov/vuln/detail/CVE-2023-45290
https://pkg.go.dev/vuln/GO-2024-2599
https://security.netapp.com/advisory/ntap-20240329-0004/
https://www.cve.org/CVERecord?id=CVE-2023-45290
|
| stdlib |
CVE-2024-24783 |
MEDIUM |
1.20.12 |
1.21.8, 1.22.1 |
http://www.openwall.com/lists/oss-security/2024/03/08/4
https://access.redhat.com/errata/RHSA-2024:2724
https://access.redhat.com/security/cve/CVE-2024-24783
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2724.html
https://go.dev/cl/569339
https://go.dev/issue/65390
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://linux.oracle.com/cve/CVE-2024-24783.html
https://linux.oracle.com/errata/ELSA-2024-2724.html
https://nvd.nist.gov/vuln/detail/CVE-2024-24783
https://pkg.go.dev/vuln/GO-2024-2598
https://security.netapp.com/advisory/ntap-20240329-0005/
https://www.cve.org/CVERecord?id=CVE-2024-24783
|
| stdlib |
CVE-2024-24784 |
MEDIUM |
1.20.12 |
1.21.8, 1.22.1 |
http://www.openwall.com/lists/oss-security/2024/03/08/4
https://access.redhat.com/errata/RHSA-2024:2562
https://access.redhat.com/security/cve/CVE-2024-24784
https://bugzilla.redhat.com/2262921
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268021
https://bugzilla.redhat.com/2268022
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2562.html
https://go.dev/cl/555596
https://go.dev/issue/65083
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://linux.oracle.com/cve/CVE-2024-24784.html
https://linux.oracle.com/errata/ELSA-2024-2562.html
https://nvd.nist.gov/vuln/detail/CVE-2024-24784
https://pkg.go.dev/vuln/GO-2024-2609
https://security.netapp.com/advisory/ntap-20240329-0007/
https://www.cve.org/CVERecord?id=CVE-2024-24784
|
| stdlib |
CVE-2024-24785 |
MEDIUM |
1.20.12 |
1.21.8, 1.22.1 |
http://www.openwall.com/lists/oss-security/2024/03/08/4
https://access.redhat.com/errata/RHSA-2024:2562
https://access.redhat.com/security/cve/CVE-2024-24785
https://bugzilla.redhat.com/2262921
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268021
https://bugzilla.redhat.com/2268022
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2562.html
https://go.dev/cl/564196
https://go.dev/issue/65697
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://linux.oracle.com/cve/CVE-2024-24785.html
https://linux.oracle.com/errata/ELSA-2024-2562.html
https://nvd.nist.gov/vuln/detail/CVE-2024-24785
https://pkg.go.dev/vuln/GO-2024-2610
https://security.netapp.com/advisory/ntap-20240329-0008/
https://www.cve.org/CVERecord?id=CVE-2024-24785
|
| No Misconfigurations found |
|---|
| golang.org/x/crypto |
CVE-2023-48795 |
MEDIUM |
v0.14.0 |
0.17.0 |
http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
http://seclists.org/fulldisclosure/2024/Mar/21
http://www.openwall.com/lists/oss-security/2023/12/18/3
http://www.openwall.com/lists/oss-security/2023/12/19/5
http://www.openwall.com/lists/oss-security/2023/12/20/3
http://www.openwall.com/lists/oss-security/2024/03/06/3
http://www.openwall.com/lists/oss-security/2024/04/17/8
https://access.redhat.com/errata/RHSA-2024:1150
https://access.redhat.com/security/cve/CVE-2023-48795
https://access.redhat.com/security/cve/cve-2023-48795
https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack
https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/
https://bugs.gentoo.org/920280
https://bugzilla.redhat.com/2254210
https://bugzilla.redhat.com/show_bug.cgi?id=2254210
https://bugzilla.suse.com/show_bug.cgi?id=1217950
https://crates.io/crates/thrussh/versions
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795
https://errata.almalinux.org/9/ALSA-2024-1150.html
https://errata.rockylinux.org/RLSA-2024:0628
https://filezilla-project.org/versions.php
https://forum.netgate.com/topic/184941/terrapin-ssh-attack
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6
https://github.com/NixOS/nixpkgs/pull/275249
https://github.com/PowerShell/Win32-OpenSSH/issues/2189
https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta
https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0
https://github.com/TeraTermProject/teraterm/releases/tag/v5.1
https://github.com/advisories/GHSA-45x7-px36-x8w8
https://github.com/apache/mina-sshd/issues/445
https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab
https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22
https://github.com/cyd01/KiTTY/issues/520
https://github.com/drakkan/sftpgo/releases/tag/v2.5.6
https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42
https://github.com/erlang/otp/releases/tag/OTP-26.2.1
https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d
https://github.com/hierynomus/sshj/issues/916
https://github.com/janmojzis/tinyssh/issues/81
https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5
https://github.com/libssh2/libssh2/pull/1291
https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25
https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3
https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15
https://github.com/mwiede/jsch/issues/457
https://github.com/mwiede/jsch/pull/461
https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16
https://github.com/openssh/openssh-portable/commits/master
https://github.com/paramiko/paramiko/issues/2337
https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773
https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES
https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES
https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES
https://github.com/proftpd/proftpd/issues/456
https://github.com/rapier1/hpn-ssh/releases
https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55
https://github.com/ronf/asyncssh/tags
https://github.com/ssh-mitm/ssh-mitm/issues/165
https://github.com/warp-tech/russh
https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951
https://github.com/warp-tech/russh/releases/tag/v0.40.2
https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8
https://gitlab.com/libssh/libssh-mirror/-/tags
https://go.dev/cl/550715
https://go.dev/issue/64784
https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ
https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg
https://help.panic.com/releasenotes/transmit5
https://help.panic.com/releasenotes/transmit5/
https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795
https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/
https://linux.oracle.com/cve/CVE-2023-48795.html
https://linux.oracle.com/errata/ELSA-2024-12233.html
https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html
https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html
https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/
https://matt.ucc.asn.au/dropbear/CHANGES
https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC
https://news.ycombinator.com/item?id=38684904
https://news.ycombinator.com/item?id=38685286
https://news.ycombinator.com/item?id=38732005
https://nova.app/releases/#v11.8
https://nvd.nist.gov/vuln/detail/CVE-2023-48795
https://oryx-embedded.com/download/#changelog
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002
https://roumenpetrov.info/secsh/#news20231220
https://security-tracker.debian.org/tracker/CVE-2023-48795
https://security-tracker.debian.org/tracker/source-package/libssh2
https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg
https://security-tracker.debian.org/tracker/source-package/trilead-ssh2
https://security.gentoo.org/glsa/202312-16
https://security.gentoo.org/glsa/202312-17
https://security.netapp.com/advisory/ntap-20240105-0004
https://security.netapp.com/advisory/ntap-20240105-0004/
https://support.apple.com/kb/HT214084
https://terrapin-attack.com/
https://thorntech.com/cve-2023-48795-and-sftp-gateway
https://thorntech.com/cve-2023-48795-and-sftp-gateway/
https://twitter.com/TrueSkrillor/status/1736774389725565005
https://ubuntu.com/security/CVE-2023-48795
https://ubuntu.com/security/notices/USN-6560-1
https://ubuntu.com/security/notices/USN-6560-2
https://ubuntu.com/security/notices/USN-6561-1
https://ubuntu.com/security/notices/USN-6585-1
https://ubuntu.com/security/notices/USN-6589-1
https://ubuntu.com/security/notices/USN-6598-1
https://ubuntu.com/security/notices/USN-6738-1
https://winscp.net/eng/docs/history#6.2.2
https://www.bitvise.com/ssh-client-version-history#933
https://www.bitvise.com/ssh-server-version-history
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update
https://www.cve.org/CVERecord?id=CVE-2023-48795
https://www.debian.org/security/2023/dsa-5586
https://www.debian.org/security/2023/dsa-5588
https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc
https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508
https://www.netsarang.com/en/xshell-update-history
https://www.netsarang.com/en/xshell-update-history/
https://www.openssh.com/openbsd.html
https://www.openssh.com/txt/release-9.6
https://www.openwall.com/lists/oss-security/2023/12/18/2
https://www.openwall.com/lists/oss-security/2023/12/18/3
https://www.openwall.com/lists/oss-security/2023/12/20/3
https://www.paramiko.org/changelog.html
https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed
https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/
https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795
https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/
https://www.terrapin-attack.com
https://www.theregister.com/2023/12/20/terrapin_attack_ssh
https://www.vandyke.com/products/securecrt/history.txt
|
| stdlib |
CVE-2023-45288 |
HIGH |
1.20.12 |
1.21.9, 1.22.2 |
http://www.openwall.com/lists/oss-security/2024/04/03/16
http://www.openwall.com/lists/oss-security/2024/04/05/4
https://access.redhat.com/errata/RHSA-2024:2724
https://access.redhat.com/security/cve/CVE-2023-45288
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2724.html
https://go.dev/cl/576155
https://go.dev/issue/65051
https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M
https://linux.oracle.com/cve/CVE-2023-45288.html
https://linux.oracle.com/errata/ELSA-2024-2724.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/
https://nowotarski.info/http2-continuation-flood-technical-details
https://nowotarski.info/http2-continuation-flood/
https://nvd.nist.gov/vuln/detail/CVE-2023-45288
https://pkg.go.dev/vuln/GO-2024-2687
https://security.netapp.com/advisory/ntap-20240419-0009
https://security.netapp.com/advisory/ntap-20240419-0009/
https://www.cve.org/CVERecord?id=CVE-2023-45288
https://www.kb.cert.org/vuls/id/421644
|
| stdlib |
CVE-2023-45289 |
MEDIUM |
1.20.12 |
1.21.8, 1.22.1 |
http://www.openwall.com/lists/oss-security/2024/03/08/4
https://access.redhat.com/errata/RHSA-2024:2724
https://access.redhat.com/security/cve/CVE-2023-45289
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2724.html
https://go.dev/cl/569340
https://go.dev/issue/65065
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://linux.oracle.com/cve/CVE-2023-45289.html
https://linux.oracle.com/errata/ELSA-2024-2724.html
https://nvd.nist.gov/vuln/detail/CVE-2023-45289
https://pkg.go.dev/vuln/GO-2024-2600
https://security.netapp.com/advisory/ntap-20240329-0006/
https://www.cve.org/CVERecord?id=CVE-2023-45289
|
| stdlib |
CVE-2023-45290 |
MEDIUM |
1.20.12 |
1.21.8, 1.22.1 |
http://www.openwall.com/lists/oss-security/2024/03/08/4
https://access.redhat.com/errata/RHSA-2024:2724
https://access.redhat.com/security/cve/CVE-2023-45290
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2724.html
https://go.dev/cl/569341
https://go.dev/issue/65383
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://linux.oracle.com/cve/CVE-2023-45290.html
https://linux.oracle.com/errata/ELSA-2024-2724.html
https://nvd.nist.gov/vuln/detail/CVE-2023-45290
https://pkg.go.dev/vuln/GO-2024-2599
https://security.netapp.com/advisory/ntap-20240329-0004/
https://www.cve.org/CVERecord?id=CVE-2023-45290
|
| stdlib |
CVE-2024-24783 |
MEDIUM |
1.20.12 |
1.21.8, 1.22.1 |
http://www.openwall.com/lists/oss-security/2024/03/08/4
https://access.redhat.com/errata/RHSA-2024:2724
https://access.redhat.com/security/cve/CVE-2024-24783
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2724.html
https://go.dev/cl/569339
https://go.dev/issue/65390
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://linux.oracle.com/cve/CVE-2024-24783.html
https://linux.oracle.com/errata/ELSA-2024-2724.html
https://nvd.nist.gov/vuln/detail/CVE-2024-24783
https://pkg.go.dev/vuln/GO-2024-2598
https://security.netapp.com/advisory/ntap-20240329-0005/
https://www.cve.org/CVERecord?id=CVE-2024-24783
|
| stdlib |
CVE-2024-24784 |
MEDIUM |
1.20.12 |
1.21.8, 1.22.1 |
http://www.openwall.com/lists/oss-security/2024/03/08/4
https://access.redhat.com/errata/RHSA-2024:2562
https://access.redhat.com/security/cve/CVE-2024-24784
https://bugzilla.redhat.com/2262921
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268021
https://bugzilla.redhat.com/2268022
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2562.html
https://go.dev/cl/555596
https://go.dev/issue/65083
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://linux.oracle.com/cve/CVE-2024-24784.html
https://linux.oracle.com/errata/ELSA-2024-2562.html
https://nvd.nist.gov/vuln/detail/CVE-2024-24784
https://pkg.go.dev/vuln/GO-2024-2609
https://security.netapp.com/advisory/ntap-20240329-0007/
https://www.cve.org/CVERecord?id=CVE-2024-24784
|
| stdlib |
CVE-2024-24785 |
MEDIUM |
1.20.12 |
1.21.8, 1.22.1 |
http://www.openwall.com/lists/oss-security/2024/03/08/4
https://access.redhat.com/errata/RHSA-2024:2562
https://access.redhat.com/security/cve/CVE-2024-24785
https://bugzilla.redhat.com/2262921
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268021
https://bugzilla.redhat.com/2268022
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2562.html
https://go.dev/cl/564196
https://go.dev/issue/65697
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://linux.oracle.com/cve/CVE-2024-24785.html
https://linux.oracle.com/errata/ELSA-2024-2562.html
https://nvd.nist.gov/vuln/detail/CVE-2024-24785
https://pkg.go.dev/vuln/GO-2024-2610
https://security.netapp.com/advisory/ntap-20240329-0008/
https://www.cve.org/CVERecord?id=CVE-2024-24785
|
| No Misconfigurations found |
|---|
| golang.org/x/crypto |
CVE-2023-48795 |
MEDIUM |
v0.14.0 |
0.17.0 |
http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
http://seclists.org/fulldisclosure/2024/Mar/21
http://www.openwall.com/lists/oss-security/2023/12/18/3
http://www.openwall.com/lists/oss-security/2023/12/19/5
http://www.openwall.com/lists/oss-security/2023/12/20/3
http://www.openwall.com/lists/oss-security/2024/03/06/3
http://www.openwall.com/lists/oss-security/2024/04/17/8
https://access.redhat.com/errata/RHSA-2024:1150
https://access.redhat.com/security/cve/CVE-2023-48795
https://access.redhat.com/security/cve/cve-2023-48795
https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack
https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/
https://bugs.gentoo.org/920280
https://bugzilla.redhat.com/2254210
https://bugzilla.redhat.com/show_bug.cgi?id=2254210
https://bugzilla.suse.com/show_bug.cgi?id=1217950
https://crates.io/crates/thrussh/versions
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795
https://errata.almalinux.org/9/ALSA-2024-1150.html
https://errata.rockylinux.org/RLSA-2024:0628
https://filezilla-project.org/versions.php
https://forum.netgate.com/topic/184941/terrapin-ssh-attack
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6
https://github.com/NixOS/nixpkgs/pull/275249
https://github.com/PowerShell/Win32-OpenSSH/issues/2189
https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta
https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0
https://github.com/TeraTermProject/teraterm/releases/tag/v5.1
https://github.com/advisories/GHSA-45x7-px36-x8w8
https://github.com/apache/mina-sshd/issues/445
https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab
https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22
https://github.com/cyd01/KiTTY/issues/520
https://github.com/drakkan/sftpgo/releases/tag/v2.5.6
https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42
https://github.com/erlang/otp/releases/tag/OTP-26.2.1
https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d
https://github.com/hierynomus/sshj/issues/916
https://github.com/janmojzis/tinyssh/issues/81
https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5
https://github.com/libssh2/libssh2/pull/1291
https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25
https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3
https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15
https://github.com/mwiede/jsch/issues/457
https://github.com/mwiede/jsch/pull/461
https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16
https://github.com/openssh/openssh-portable/commits/master
https://github.com/paramiko/paramiko/issues/2337
https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773
https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES
https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES
https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES
https://github.com/proftpd/proftpd/issues/456
https://github.com/rapier1/hpn-ssh/releases
https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55
https://github.com/ronf/asyncssh/tags
https://github.com/ssh-mitm/ssh-mitm/issues/165
https://github.com/warp-tech/russh
https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951
https://github.com/warp-tech/russh/releases/tag/v0.40.2
https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8
https://gitlab.com/libssh/libssh-mirror/-/tags
https://go.dev/cl/550715
https://go.dev/issue/64784
https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ
https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg
https://help.panic.com/releasenotes/transmit5
https://help.panic.com/releasenotes/transmit5/
https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795
https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/
https://linux.oracle.com/cve/CVE-2023-48795.html
https://linux.oracle.com/errata/ELSA-2024-12233.html
https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html
https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html
https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/
https://matt.ucc.asn.au/dropbear/CHANGES
https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC
https://news.ycombinator.com/item?id=38684904
https://news.ycombinator.com/item?id=38685286
https://news.ycombinator.com/item?id=38732005
https://nova.app/releases/#v11.8
https://nvd.nist.gov/vuln/detail/CVE-2023-48795
https://oryx-embedded.com/download/#changelog
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002
https://roumenpetrov.info/secsh/#news20231220
https://security-tracker.debian.org/tracker/CVE-2023-48795
https://security-tracker.debian.org/tracker/source-package/libssh2
https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg
https://security-tracker.debian.org/tracker/source-package/trilead-ssh2
https://security.gentoo.org/glsa/202312-16
https://security.gentoo.org/glsa/202312-17
https://security.netapp.com/advisory/ntap-20240105-0004
https://security.netapp.com/advisory/ntap-20240105-0004/
https://support.apple.com/kb/HT214084
https://terrapin-attack.com/
https://thorntech.com/cve-2023-48795-and-sftp-gateway
https://thorntech.com/cve-2023-48795-and-sftp-gateway/
https://twitter.com/TrueSkrillor/status/1736774389725565005
https://ubuntu.com/security/CVE-2023-48795
https://ubuntu.com/security/notices/USN-6560-1
https://ubuntu.com/security/notices/USN-6560-2
https://ubuntu.com/security/notices/USN-6561-1
https://ubuntu.com/security/notices/USN-6585-1
https://ubuntu.com/security/notices/USN-6589-1
https://ubuntu.com/security/notices/USN-6598-1
https://ubuntu.com/security/notices/USN-6738-1
https://winscp.net/eng/docs/history#6.2.2
https://www.bitvise.com/ssh-client-version-history#933
https://www.bitvise.com/ssh-server-version-history
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update
https://www.cve.org/CVERecord?id=CVE-2023-48795
https://www.debian.org/security/2023/dsa-5586
https://www.debian.org/security/2023/dsa-5588
https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc
https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508
https://www.netsarang.com/en/xshell-update-history
https://www.netsarang.com/en/xshell-update-history/
https://www.openssh.com/openbsd.html
https://www.openssh.com/txt/release-9.6
https://www.openwall.com/lists/oss-security/2023/12/18/2
https://www.openwall.com/lists/oss-security/2023/12/18/3
https://www.openwall.com/lists/oss-security/2023/12/20/3
https://www.paramiko.org/changelog.html
https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed
https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/
https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795
https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/
https://www.terrapin-attack.com
https://www.theregister.com/2023/12/20/terrapin_attack_ssh
https://www.vandyke.com/products/securecrt/history.txt
|
| stdlib |
CVE-2023-45288 |
HIGH |
1.20.12 |
1.21.9, 1.22.2 |
http://www.openwall.com/lists/oss-security/2024/04/03/16
http://www.openwall.com/lists/oss-security/2024/04/05/4
https://access.redhat.com/errata/RHSA-2024:2724
https://access.redhat.com/security/cve/CVE-2023-45288
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2724.html
https://go.dev/cl/576155
https://go.dev/issue/65051
https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M
https://linux.oracle.com/cve/CVE-2023-45288.html
https://linux.oracle.com/errata/ELSA-2024-2724.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/
https://nowotarski.info/http2-continuation-flood-technical-details
https://nowotarski.info/http2-continuation-flood/
https://nvd.nist.gov/vuln/detail/CVE-2023-45288
https://pkg.go.dev/vuln/GO-2024-2687
https://security.netapp.com/advisory/ntap-20240419-0009
https://security.netapp.com/advisory/ntap-20240419-0009/
https://www.cve.org/CVERecord?id=CVE-2023-45288
https://www.kb.cert.org/vuls/id/421644
|
| stdlib |
CVE-2023-45289 |
MEDIUM |
1.20.12 |
1.21.8, 1.22.1 |
http://www.openwall.com/lists/oss-security/2024/03/08/4
https://access.redhat.com/errata/RHSA-2024:2724
https://access.redhat.com/security/cve/CVE-2023-45289
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2724.html
https://go.dev/cl/569340
https://go.dev/issue/65065
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://linux.oracle.com/cve/CVE-2023-45289.html
https://linux.oracle.com/errata/ELSA-2024-2724.html
https://nvd.nist.gov/vuln/detail/CVE-2023-45289
https://pkg.go.dev/vuln/GO-2024-2600
https://security.netapp.com/advisory/ntap-20240329-0006/
https://www.cve.org/CVERecord?id=CVE-2023-45289
|
| stdlib |
CVE-2023-45290 |
MEDIUM |
1.20.12 |
1.21.8, 1.22.1 |
http://www.openwall.com/lists/oss-security/2024/03/08/4
https://access.redhat.com/errata/RHSA-2024:2724
https://access.redhat.com/security/cve/CVE-2023-45290
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2724.html
https://go.dev/cl/569341
https://go.dev/issue/65383
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://linux.oracle.com/cve/CVE-2023-45290.html
https://linux.oracle.com/errata/ELSA-2024-2724.html
https://nvd.nist.gov/vuln/detail/CVE-2023-45290
https://pkg.go.dev/vuln/GO-2024-2599
https://security.netapp.com/advisory/ntap-20240329-0004/
https://www.cve.org/CVERecord?id=CVE-2023-45290
|
| stdlib |
CVE-2024-24783 |
MEDIUM |
1.20.12 |
1.21.8, 1.22.1 |
http://www.openwall.com/lists/oss-security/2024/03/08/4
https://access.redhat.com/errata/RHSA-2024:2724
https://access.redhat.com/security/cve/CVE-2024-24783
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2724.html
https://go.dev/cl/569339
https://go.dev/issue/65390
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://linux.oracle.com/cve/CVE-2024-24783.html
https://linux.oracle.com/errata/ELSA-2024-2724.html
https://nvd.nist.gov/vuln/detail/CVE-2024-24783
https://pkg.go.dev/vuln/GO-2024-2598
https://security.netapp.com/advisory/ntap-20240329-0005/
https://www.cve.org/CVERecord?id=CVE-2024-24783
|
| stdlib |
CVE-2024-24784 |
MEDIUM |
1.20.12 |
1.21.8, 1.22.1 |
http://www.openwall.com/lists/oss-security/2024/03/08/4
https://access.redhat.com/errata/RHSA-2024:2562
https://access.redhat.com/security/cve/CVE-2024-24784
https://bugzilla.redhat.com/2262921
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268021
https://bugzilla.redhat.com/2268022
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2562.html
https://go.dev/cl/555596
https://go.dev/issue/65083
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://linux.oracle.com/cve/CVE-2024-24784.html
https://linux.oracle.com/errata/ELSA-2024-2562.html
https://nvd.nist.gov/vuln/detail/CVE-2024-24784
https://pkg.go.dev/vuln/GO-2024-2609
https://security.netapp.com/advisory/ntap-20240329-0007/
https://www.cve.org/CVERecord?id=CVE-2024-24784
|
| stdlib |
CVE-2024-24785 |
MEDIUM |
1.20.12 |
1.21.8, 1.22.1 |
http://www.openwall.com/lists/oss-security/2024/03/08/4
https://access.redhat.com/errata/RHSA-2024:2562
https://access.redhat.com/security/cve/CVE-2024-24785
https://bugzilla.redhat.com/2262921
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268021
https://bugzilla.redhat.com/2268022
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2562.html
https://go.dev/cl/564196
https://go.dev/issue/65697
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://linux.oracle.com/cve/CVE-2024-24785.html
https://linux.oracle.com/errata/ELSA-2024-2562.html
https://nvd.nist.gov/vuln/detail/CVE-2024-24785
https://pkg.go.dev/vuln/GO-2024-2610
https://security.netapp.com/advisory/ntap-20240329-0008/
https://www.cve.org/CVERecord?id=CVE-2024-24785
|
| No Misconfigurations found |
|---|
| golang.org/x/crypto |
CVE-2023-48795 |
MEDIUM |
v0.14.0 |
0.17.0 |
http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
http://seclists.org/fulldisclosure/2024/Mar/21
http://www.openwall.com/lists/oss-security/2023/12/18/3
http://www.openwall.com/lists/oss-security/2023/12/19/5
http://www.openwall.com/lists/oss-security/2023/12/20/3
http://www.openwall.com/lists/oss-security/2024/03/06/3
http://www.openwall.com/lists/oss-security/2024/04/17/8
https://access.redhat.com/errata/RHSA-2024:1150
https://access.redhat.com/security/cve/CVE-2023-48795
https://access.redhat.com/security/cve/cve-2023-48795
https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack
https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/
https://bugs.gentoo.org/920280
https://bugzilla.redhat.com/2254210
https://bugzilla.redhat.com/show_bug.cgi?id=2254210
https://bugzilla.suse.com/show_bug.cgi?id=1217950
https://crates.io/crates/thrussh/versions
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795
https://errata.almalinux.org/9/ALSA-2024-1150.html
https://errata.rockylinux.org/RLSA-2024:0628
https://filezilla-project.org/versions.php
https://forum.netgate.com/topic/184941/terrapin-ssh-attack
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6
https://github.com/NixOS/nixpkgs/pull/275249
https://github.com/PowerShell/Win32-OpenSSH/issues/2189
https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta
https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0
https://github.com/TeraTermProject/teraterm/releases/tag/v5.1
https://github.com/advisories/GHSA-45x7-px36-x8w8
https://github.com/apache/mina-sshd/issues/445
https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab
https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22
https://github.com/cyd01/KiTTY/issues/520
https://github.com/drakkan/sftpgo/releases/tag/v2.5.6
https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42
https://github.com/erlang/otp/releases/tag/OTP-26.2.1
https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d
https://github.com/hierynomus/sshj/issues/916
https://github.com/janmojzis/tinyssh/issues/81
https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5
https://github.com/libssh2/libssh2/pull/1291
https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25
https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3
https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15
https://github.com/mwiede/jsch/issues/457
https://github.com/mwiede/jsch/pull/461
https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16
https://github.com/openssh/openssh-portable/commits/master
https://github.com/paramiko/paramiko/issues/2337
https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773
https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES
https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES
https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES
https://github.com/proftpd/proftpd/issues/456
https://github.com/rapier1/hpn-ssh/releases
https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55
https://github.com/ronf/asyncssh/tags
https://github.com/ssh-mitm/ssh-mitm/issues/165
https://github.com/warp-tech/russh
https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951
https://github.com/warp-tech/russh/releases/tag/v0.40.2
https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8
https://gitlab.com/libssh/libssh-mirror/-/tags
https://go.dev/cl/550715
https://go.dev/issue/64784
https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ
https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg
https://help.panic.com/releasenotes/transmit5
https://help.panic.com/releasenotes/transmit5/
https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795
https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/
https://linux.oracle.com/cve/CVE-2023-48795.html
https://linux.oracle.com/errata/ELSA-2024-12233.html
https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html
https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html
https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/
https://matt.ucc.asn.au/dropbear/CHANGES
https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC
https://news.ycombinator.com/item?id=38684904
https://news.ycombinator.com/item?id=38685286
https://news.ycombinator.com/item?id=38732005
https://nova.app/releases/#v11.8
https://nvd.nist.gov/vuln/detail/CVE-2023-48795
https://oryx-embedded.com/download/#changelog
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002
https://roumenpetrov.info/secsh/#news20231220
https://security-tracker.debian.org/tracker/CVE-2023-48795
https://security-tracker.debian.org/tracker/source-package/libssh2
https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg
https://security-tracker.debian.org/tracker/source-package/trilead-ssh2
https://security.gentoo.org/glsa/202312-16
https://security.gentoo.org/glsa/202312-17
https://security.netapp.com/advisory/ntap-20240105-0004
https://security.netapp.com/advisory/ntap-20240105-0004/
https://support.apple.com/kb/HT214084
https://terrapin-attack.com/
https://thorntech.com/cve-2023-48795-and-sftp-gateway
https://thorntech.com/cve-2023-48795-and-sftp-gateway/
https://twitter.com/TrueSkrillor/status/1736774389725565005
https://ubuntu.com/security/CVE-2023-48795
https://ubuntu.com/security/notices/USN-6560-1
https://ubuntu.com/security/notices/USN-6560-2
https://ubuntu.com/security/notices/USN-6561-1
https://ubuntu.com/security/notices/USN-6585-1
https://ubuntu.com/security/notices/USN-6589-1
https://ubuntu.com/security/notices/USN-6598-1
https://ubuntu.com/security/notices/USN-6738-1
https://winscp.net/eng/docs/history#6.2.2
https://www.bitvise.com/ssh-client-version-history#933
https://www.bitvise.com/ssh-server-version-history
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update
https://www.cve.org/CVERecord?id=CVE-2023-48795
https://www.debian.org/security/2023/dsa-5586
https://www.debian.org/security/2023/dsa-5588
https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc
https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508
https://www.netsarang.com/en/xshell-update-history
https://www.netsarang.com/en/xshell-update-history/
https://www.openssh.com/openbsd.html
https://www.openssh.com/txt/release-9.6
https://www.openwall.com/lists/oss-security/2023/12/18/2
https://www.openwall.com/lists/oss-security/2023/12/18/3
https://www.openwall.com/lists/oss-security/2023/12/20/3
https://www.paramiko.org/changelog.html
https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed
https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/
https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795
https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/
https://www.terrapin-attack.com
https://www.theregister.com/2023/12/20/terrapin_attack_ssh
https://www.vandyke.com/products/securecrt/history.txt
|
| stdlib |
CVE-2023-45288 |
HIGH |
1.20.12 |
1.21.9, 1.22.2 |
http://www.openwall.com/lists/oss-security/2024/04/03/16
http://www.openwall.com/lists/oss-security/2024/04/05/4
https://access.redhat.com/errata/RHSA-2024:2724
https://access.redhat.com/security/cve/CVE-2023-45288
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2724.html
https://go.dev/cl/576155
https://go.dev/issue/65051
https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M
https://linux.oracle.com/cve/CVE-2023-45288.html
https://linux.oracle.com/errata/ELSA-2024-2724.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/
https://nowotarski.info/http2-continuation-flood-technical-details
https://nowotarski.info/http2-continuation-flood/
https://nvd.nist.gov/vuln/detail/CVE-2023-45288
https://pkg.go.dev/vuln/GO-2024-2687
https://security.netapp.com/advisory/ntap-20240419-0009
https://security.netapp.com/advisory/ntap-20240419-0009/
https://www.cve.org/CVERecord?id=CVE-2023-45288
https://www.kb.cert.org/vuls/id/421644
|
| stdlib |
CVE-2023-45289 |
MEDIUM |
1.20.12 |
1.21.8, 1.22.1 |
http://www.openwall.com/lists/oss-security/2024/03/08/4
https://access.redhat.com/errata/RHSA-2024:2724
https://access.redhat.com/security/cve/CVE-2023-45289
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2724.html
https://go.dev/cl/569340
https://go.dev/issue/65065
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://linux.oracle.com/cve/CVE-2023-45289.html
https://linux.oracle.com/errata/ELSA-2024-2724.html
https://nvd.nist.gov/vuln/detail/CVE-2023-45289
https://pkg.go.dev/vuln/GO-2024-2600
https://security.netapp.com/advisory/ntap-20240329-0006/
https://www.cve.org/CVERecord?id=CVE-2023-45289
|
| stdlib |
CVE-2023-45290 |
MEDIUM |
1.20.12 |
1.21.8, 1.22.1 |
http://www.openwall.com/lists/oss-security/2024/03/08/4
https://access.redhat.com/errata/RHSA-2024:2724
https://access.redhat.com/security/cve/CVE-2023-45290
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2724.html
https://go.dev/cl/569341
https://go.dev/issue/65383
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://linux.oracle.com/cve/CVE-2023-45290.html
https://linux.oracle.com/errata/ELSA-2024-2724.html
https://nvd.nist.gov/vuln/detail/CVE-2023-45290
https://pkg.go.dev/vuln/GO-2024-2599
https://security.netapp.com/advisory/ntap-20240329-0004/
https://www.cve.org/CVERecord?id=CVE-2023-45290
|
| stdlib |
CVE-2024-24783 |
MEDIUM |
1.20.12 |
1.21.8, 1.22.1 |
http://www.openwall.com/lists/oss-security/2024/03/08/4
https://access.redhat.com/errata/RHSA-2024:2724
https://access.redhat.com/security/cve/CVE-2024-24783
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2724.html
https://go.dev/cl/569339
https://go.dev/issue/65390
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://linux.oracle.com/cve/CVE-2024-24783.html
https://linux.oracle.com/errata/ELSA-2024-2724.html
https://nvd.nist.gov/vuln/detail/CVE-2024-24783
https://pkg.go.dev/vuln/GO-2024-2598
https://security.netapp.com/advisory/ntap-20240329-0005/
https://www.cve.org/CVERecord?id=CVE-2024-24783
|
| stdlib |
CVE-2024-24784 |
MEDIUM |
1.20.12 |
1.21.8, 1.22.1 |
http://www.openwall.com/lists/oss-security/2024/03/08/4
https://access.redhat.com/errata/RHSA-2024:2562
https://access.redhat.com/security/cve/CVE-2024-24784
https://bugzilla.redhat.com/2262921
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268021
https://bugzilla.redhat.com/2268022
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2562.html
https://go.dev/cl/555596
https://go.dev/issue/65083
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://linux.oracle.com/cve/CVE-2024-24784.html
https://linux.oracle.com/errata/ELSA-2024-2562.html
https://nvd.nist.gov/vuln/detail/CVE-2024-24784
https://pkg.go.dev/vuln/GO-2024-2609
https://security.netapp.com/advisory/ntap-20240329-0007/
https://www.cve.org/CVERecord?id=CVE-2024-24784
|
| stdlib |
CVE-2024-24785 |
MEDIUM |
1.20.12 |
1.21.8, 1.22.1 |
http://www.openwall.com/lists/oss-security/2024/03/08/4
https://access.redhat.com/errata/RHSA-2024:2562
https://access.redhat.com/security/cve/CVE-2024-24785
https://bugzilla.redhat.com/2262921
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268021
https://bugzilla.redhat.com/2268022
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2562.html
https://go.dev/cl/564196
https://go.dev/issue/65697
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://linux.oracle.com/cve/CVE-2024-24785.html
https://linux.oracle.com/errata/ELSA-2024-2562.html
https://nvd.nist.gov/vuln/detail/CVE-2024-24785
https://pkg.go.dev/vuln/GO-2024-2610
https://security.netapp.com/advisory/ntap-20240329-0008/
https://www.cve.org/CVERecord?id=CVE-2024-24785
|
| No Misconfigurations found |
|---|
| golang.org/x/crypto |
CVE-2023-48795 |
MEDIUM |
v0.14.0 |
0.17.0 |
http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
http://seclists.org/fulldisclosure/2024/Mar/21
http://www.openwall.com/lists/oss-security/2023/12/18/3
http://www.openwall.com/lists/oss-security/2023/12/19/5
http://www.openwall.com/lists/oss-security/2023/12/20/3
http://www.openwall.com/lists/oss-security/2024/03/06/3
http://www.openwall.com/lists/oss-security/2024/04/17/8
https://access.redhat.com/errata/RHSA-2024:1150
https://access.redhat.com/security/cve/CVE-2023-48795
https://access.redhat.com/security/cve/cve-2023-48795
https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack
https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/
https://bugs.gentoo.org/920280
https://bugzilla.redhat.com/2254210
https://bugzilla.redhat.com/show_bug.cgi?id=2254210
https://bugzilla.suse.com/show_bug.cgi?id=1217950
https://crates.io/crates/thrussh/versions
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795
https://errata.almalinux.org/9/ALSA-2024-1150.html
https://errata.rockylinux.org/RLSA-2024:0628
https://filezilla-project.org/versions.php
https://forum.netgate.com/topic/184941/terrapin-ssh-attack
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6
https://github.com/NixOS/nixpkgs/pull/275249
https://github.com/PowerShell/Win32-OpenSSH/issues/2189
https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta
https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0
https://github.com/TeraTermProject/teraterm/releases/tag/v5.1
https://github.com/advisories/GHSA-45x7-px36-x8w8
https://github.com/apache/mina-sshd/issues/445
https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab
https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22
https://github.com/cyd01/KiTTY/issues/520
https://github.com/drakkan/sftpgo/releases/tag/v2.5.6
https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42
https://github.com/erlang/otp/releases/tag/OTP-26.2.1
https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d
https://github.com/hierynomus/sshj/issues/916
https://github.com/janmojzis/tinyssh/issues/81
https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5
https://github.com/libssh2/libssh2/pull/1291
https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25
https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3
https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15
https://github.com/mwiede/jsch/issues/457
https://github.com/mwiede/jsch/pull/461
https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16
https://github.com/openssh/openssh-portable/commits/master
https://github.com/paramiko/paramiko/issues/2337
https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773
https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES
https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES
https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES
https://github.com/proftpd/proftpd/issues/456
https://github.com/rapier1/hpn-ssh/releases
https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55
https://github.com/ronf/asyncssh/tags
https://github.com/ssh-mitm/ssh-mitm/issues/165
https://github.com/warp-tech/russh
https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951
https://github.com/warp-tech/russh/releases/tag/v0.40.2
https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8
https://gitlab.com/libssh/libssh-mirror/-/tags
https://go.dev/cl/550715
https://go.dev/issue/64784
https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ
https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg
https://help.panic.com/releasenotes/transmit5
https://help.panic.com/releasenotes/transmit5/
https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795
https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/
https://linux.oracle.com/cve/CVE-2023-48795.html
https://linux.oracle.com/errata/ELSA-2024-12233.html
https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html
https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html
https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/
https://matt.ucc.asn.au/dropbear/CHANGES
https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC
https://news.ycombinator.com/item?id=38684904
https://news.ycombinator.com/item?id=38685286
https://news.ycombinator.com/item?id=38732005
https://nova.app/releases/#v11.8
https://nvd.nist.gov/vuln/detail/CVE-2023-48795
https://oryx-embedded.com/download/#changelog
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002
https://roumenpetrov.info/secsh/#news20231220
https://security-tracker.debian.org/tracker/CVE-2023-48795
https://security-tracker.debian.org/tracker/source-package/libssh2
https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg
https://security-tracker.debian.org/tracker/source-package/trilead-ssh2
https://security.gentoo.org/glsa/202312-16
https://security.gentoo.org/glsa/202312-17
https://security.netapp.com/advisory/ntap-20240105-0004
https://security.netapp.com/advisory/ntap-20240105-0004/
https://support.apple.com/kb/HT214084
https://terrapin-attack.com/
https://thorntech.com/cve-2023-48795-and-sftp-gateway
https://thorntech.com/cve-2023-48795-and-sftp-gateway/
https://twitter.com/TrueSkrillor/status/1736774389725565005
https://ubuntu.com/security/CVE-2023-48795
https://ubuntu.com/security/notices/USN-6560-1
https://ubuntu.com/security/notices/USN-6560-2
https://ubuntu.com/security/notices/USN-6561-1
https://ubuntu.com/security/notices/USN-6585-1
https://ubuntu.com/security/notices/USN-6589-1
https://ubuntu.com/security/notices/USN-6598-1
https://ubuntu.com/security/notices/USN-6738-1
https://winscp.net/eng/docs/history#6.2.2
https://www.bitvise.com/ssh-client-version-history#933
https://www.bitvise.com/ssh-server-version-history
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update
https://www.cve.org/CVERecord?id=CVE-2023-48795
https://www.debian.org/security/2023/dsa-5586
https://www.debian.org/security/2023/dsa-5588
https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc
https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508
https://www.netsarang.com/en/xshell-update-history
https://www.netsarang.com/en/xshell-update-history/
https://www.openssh.com/openbsd.html
https://www.openssh.com/txt/release-9.6
https://www.openwall.com/lists/oss-security/2023/12/18/2
https://www.openwall.com/lists/oss-security/2023/12/18/3
https://www.openwall.com/lists/oss-security/2023/12/20/3
https://www.paramiko.org/changelog.html
https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed
https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/
https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795
https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/
https://www.terrapin-attack.com
https://www.theregister.com/2023/12/20/terrapin_attack_ssh
https://www.vandyke.com/products/securecrt/history.txt
|
| stdlib |
CVE-2023-45288 |
HIGH |
1.20.12 |
1.21.9, 1.22.2 |
http://www.openwall.com/lists/oss-security/2024/04/03/16
http://www.openwall.com/lists/oss-security/2024/04/05/4
https://access.redhat.com/errata/RHSA-2024:2724
https://access.redhat.com/security/cve/CVE-2023-45288
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2724.html
https://go.dev/cl/576155
https://go.dev/issue/65051
https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M
https://linux.oracle.com/cve/CVE-2023-45288.html
https://linux.oracle.com/errata/ELSA-2024-2724.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/
https://nowotarski.info/http2-continuation-flood-technical-details
https://nowotarski.info/http2-continuation-flood/
https://nvd.nist.gov/vuln/detail/CVE-2023-45288
https://pkg.go.dev/vuln/GO-2024-2687
https://security.netapp.com/advisory/ntap-20240419-0009
https://security.netapp.com/advisory/ntap-20240419-0009/
https://www.cve.org/CVERecord?id=CVE-2023-45288
https://www.kb.cert.org/vuls/id/421644
|
| stdlib |
CVE-2023-45289 |
MEDIUM |
1.20.12 |
1.21.8, 1.22.1 |
http://www.openwall.com/lists/oss-security/2024/03/08/4
https://access.redhat.com/errata/RHSA-2024:2724
https://access.redhat.com/security/cve/CVE-2023-45289
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2724.html
https://go.dev/cl/569340
https://go.dev/issue/65065
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://linux.oracle.com/cve/CVE-2023-45289.html
https://linux.oracle.com/errata/ELSA-2024-2724.html
https://nvd.nist.gov/vuln/detail/CVE-2023-45289
https://pkg.go.dev/vuln/GO-2024-2600
https://security.netapp.com/advisory/ntap-20240329-0006/
https://www.cve.org/CVERecord?id=CVE-2023-45289
|
| stdlib |
CVE-2023-45290 |
MEDIUM |
1.20.12 |
1.21.8, 1.22.1 |
http://www.openwall.com/lists/oss-security/2024/03/08/4
https://access.redhat.com/errata/RHSA-2024:2724
https://access.redhat.com/security/cve/CVE-2023-45290
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2724.html
https://go.dev/cl/569341
https://go.dev/issue/65383
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://linux.oracle.com/cve/CVE-2023-45290.html
https://linux.oracle.com/errata/ELSA-2024-2724.html
https://nvd.nist.gov/vuln/detail/CVE-2023-45290
https://pkg.go.dev/vuln/GO-2024-2599
https://security.netapp.com/advisory/ntap-20240329-0004/
https://www.cve.org/CVERecord?id=CVE-2023-45290
|
| stdlib |
CVE-2024-24783 |
MEDIUM |
1.20.12 |
1.21.8, 1.22.1 |
http://www.openwall.com/lists/oss-security/2024/03/08/4
https://access.redhat.com/errata/RHSA-2024:2724
https://access.redhat.com/security/cve/CVE-2024-24783
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2724.html
https://go.dev/cl/569339
https://go.dev/issue/65390
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://linux.oracle.com/cve/CVE-2024-24783.html
https://linux.oracle.com/errata/ELSA-2024-2724.html
https://nvd.nist.gov/vuln/detail/CVE-2024-24783
https://pkg.go.dev/vuln/GO-2024-2598
https://security.netapp.com/advisory/ntap-20240329-0005/
https://www.cve.org/CVERecord?id=CVE-2024-24783
|
| stdlib |
CVE-2024-24784 |
MEDIUM |
1.20.12 |
1.21.8, 1.22.1 |
http://www.openwall.com/lists/oss-security/2024/03/08/4
https://access.redhat.com/errata/RHSA-2024:2562
https://access.redhat.com/security/cve/CVE-2024-24784
https://bugzilla.redhat.com/2262921
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268021
https://bugzilla.redhat.com/2268022
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2562.html
https://go.dev/cl/555596
https://go.dev/issue/65083
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://linux.oracle.com/cve/CVE-2024-24784.html
https://linux.oracle.com/errata/ELSA-2024-2562.html
https://nvd.nist.gov/vuln/detail/CVE-2024-24784
https://pkg.go.dev/vuln/GO-2024-2609
https://security.netapp.com/advisory/ntap-20240329-0007/
https://www.cve.org/CVERecord?id=CVE-2024-24784
|
| stdlib |
CVE-2024-24785 |
MEDIUM |
1.20.12 |
1.21.8, 1.22.1 |
http://www.openwall.com/lists/oss-security/2024/03/08/4
https://access.redhat.com/errata/RHSA-2024:2562
https://access.redhat.com/security/cve/CVE-2024-24785
https://bugzilla.redhat.com/2262921
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268021
https://bugzilla.redhat.com/2268022
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2562.html
https://go.dev/cl/564196
https://go.dev/issue/65697
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://linux.oracle.com/cve/CVE-2024-24785.html
https://linux.oracle.com/errata/ELSA-2024-2562.html
https://nvd.nist.gov/vuln/detail/CVE-2024-24785
https://pkg.go.dev/vuln/GO-2024-2610
https://security.netapp.com/advisory/ntap-20240329-0008/
https://www.cve.org/CVERecord?id=CVE-2024-24785
|
| No Misconfigurations found |
|---|
| golang.org/x/crypto |
CVE-2023-48795 |
MEDIUM |
v0.14.0 |
0.17.0 |
http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
http://seclists.org/fulldisclosure/2024/Mar/21
http://www.openwall.com/lists/oss-security/2023/12/18/3
http://www.openwall.com/lists/oss-security/2023/12/19/5
http://www.openwall.com/lists/oss-security/2023/12/20/3
http://www.openwall.com/lists/oss-security/2024/03/06/3
http://www.openwall.com/lists/oss-security/2024/04/17/8
https://access.redhat.com/errata/RHSA-2024:1150
https://access.redhat.com/security/cve/CVE-2023-48795
https://access.redhat.com/security/cve/cve-2023-48795
https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack
https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/
https://bugs.gentoo.org/920280
https://bugzilla.redhat.com/2254210
https://bugzilla.redhat.com/show_bug.cgi?id=2254210
https://bugzilla.suse.com/show_bug.cgi?id=1217950
https://crates.io/crates/thrussh/versions
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795
https://errata.almalinux.org/9/ALSA-2024-1150.html
https://errata.rockylinux.org/RLSA-2024:0628
https://filezilla-project.org/versions.php
https://forum.netgate.com/topic/184941/terrapin-ssh-attack
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6
https://github.com/NixOS/nixpkgs/pull/275249
https://github.com/PowerShell/Win32-OpenSSH/issues/2189
https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta
https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0
https://github.com/TeraTermProject/teraterm/releases/tag/v5.1
https://github.com/advisories/GHSA-45x7-px36-x8w8
https://github.com/apache/mina-sshd/issues/445
https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab
https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22
https://github.com/cyd01/KiTTY/issues/520
https://github.com/drakkan/sftpgo/releases/tag/v2.5.6
https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42
https://github.com/erlang/otp/releases/tag/OTP-26.2.1
https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d
https://github.com/hierynomus/sshj/issues/916
https://github.com/janmojzis/tinyssh/issues/81
https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5
https://github.com/libssh2/libssh2/pull/1291
https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25
https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3
https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15
https://github.com/mwiede/jsch/issues/457
https://github.com/mwiede/jsch/pull/461
https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16
https://github.com/openssh/openssh-portable/commits/master
https://github.com/paramiko/paramiko/issues/2337
https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773
https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES
https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES
https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES
https://github.com/proftpd/proftpd/issues/456
https://github.com/rapier1/hpn-ssh/releases
https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55
https://github.com/ronf/asyncssh/tags
https://github.com/ssh-mitm/ssh-mitm/issues/165
https://github.com/warp-tech/russh
https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951
https://github.com/warp-tech/russh/releases/tag/v0.40.2
https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8
https://gitlab.com/libssh/libssh-mirror/-/tags
https://go.dev/cl/550715
https://go.dev/issue/64784
https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ
https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg
https://help.panic.com/releasenotes/transmit5
https://help.panic.com/releasenotes/transmit5/
https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795
https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/
https://linux.oracle.com/cve/CVE-2023-48795.html
https://linux.oracle.com/errata/ELSA-2024-12233.html
https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html
https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html
https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/
https://matt.ucc.asn.au/dropbear/CHANGES
https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC
https://news.ycombinator.com/item?id=38684904
https://news.ycombinator.com/item?id=38685286
https://news.ycombinator.com/item?id=38732005
https://nova.app/releases/#v11.8
https://nvd.nist.gov/vuln/detail/CVE-2023-48795
https://oryx-embedded.com/download/#changelog
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002
https://roumenpetrov.info/secsh/#news20231220
https://security-tracker.debian.org/tracker/CVE-2023-48795
https://security-tracker.debian.org/tracker/source-package/libssh2
https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg
https://security-tracker.debian.org/tracker/source-package/trilead-ssh2
https://security.gentoo.org/glsa/202312-16
https://security.gentoo.org/glsa/202312-17
https://security.netapp.com/advisory/ntap-20240105-0004
https://security.netapp.com/advisory/ntap-20240105-0004/
https://support.apple.com/kb/HT214084
https://terrapin-attack.com/
https://thorntech.com/cve-2023-48795-and-sftp-gateway
https://thorntech.com/cve-2023-48795-and-sftp-gateway/
https://twitter.com/TrueSkrillor/status/1736774389725565005
https://ubuntu.com/security/CVE-2023-48795
https://ubuntu.com/security/notices/USN-6560-1
https://ubuntu.com/security/notices/USN-6560-2
https://ubuntu.com/security/notices/USN-6561-1
https://ubuntu.com/security/notices/USN-6585-1
https://ubuntu.com/security/notices/USN-6589-1
https://ubuntu.com/security/notices/USN-6598-1
https://ubuntu.com/security/notices/USN-6738-1
https://winscp.net/eng/docs/history#6.2.2
https://www.bitvise.com/ssh-client-version-history#933
https://www.bitvise.com/ssh-server-version-history
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update
https://www.cve.org/CVERecord?id=CVE-2023-48795
https://www.debian.org/security/2023/dsa-5586
https://www.debian.org/security/2023/dsa-5588
https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc
https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508
https://www.netsarang.com/en/xshell-update-history
https://www.netsarang.com/en/xshell-update-history/
https://www.openssh.com/openbsd.html
https://www.openssh.com/txt/release-9.6
https://www.openwall.com/lists/oss-security/2023/12/18/2
https://www.openwall.com/lists/oss-security/2023/12/18/3
https://www.openwall.com/lists/oss-security/2023/12/20/3
https://www.paramiko.org/changelog.html
https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed
https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/
https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795
https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/
https://www.terrapin-attack.com
https://www.theregister.com/2023/12/20/terrapin_attack_ssh
https://www.vandyke.com/products/securecrt/history.txt
|
| stdlib |
CVE-2023-45288 |
HIGH |
1.20.12 |
1.21.9, 1.22.2 |
http://www.openwall.com/lists/oss-security/2024/04/03/16
http://www.openwall.com/lists/oss-security/2024/04/05/4
https://access.redhat.com/errata/RHSA-2024:2724
https://access.redhat.com/security/cve/CVE-2023-45288
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2724.html
https://go.dev/cl/576155
https://go.dev/issue/65051
https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M
https://linux.oracle.com/cve/CVE-2023-45288.html
https://linux.oracle.com/errata/ELSA-2024-2724.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/
https://nowotarski.info/http2-continuation-flood-technical-details
https://nowotarski.info/http2-continuation-flood/
https://nvd.nist.gov/vuln/detail/CVE-2023-45288
https://pkg.go.dev/vuln/GO-2024-2687
https://security.netapp.com/advisory/ntap-20240419-0009
https://security.netapp.com/advisory/ntap-20240419-0009/
https://www.cve.org/CVERecord?id=CVE-2023-45288
https://www.kb.cert.org/vuls/id/421644
|
| stdlib |
CVE-2023-45289 |
MEDIUM |
1.20.12 |
1.21.8, 1.22.1 |
http://www.openwall.com/lists/oss-security/2024/03/08/4
https://access.redhat.com/errata/RHSA-2024:2724
https://access.redhat.com/security/cve/CVE-2023-45289
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2724.html
https://go.dev/cl/569340
https://go.dev/issue/65065
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://linux.oracle.com/cve/CVE-2023-45289.html
https://linux.oracle.com/errata/ELSA-2024-2724.html
https://nvd.nist.gov/vuln/detail/CVE-2023-45289
https://pkg.go.dev/vuln/GO-2024-2600
https://security.netapp.com/advisory/ntap-20240329-0006/
https://www.cve.org/CVERecord?id=CVE-2023-45289
|
| stdlib |
CVE-2023-45290 |
MEDIUM |
1.20.12 |
1.21.8, 1.22.1 |
http://www.openwall.com/lists/oss-security/2024/03/08/4
https://access.redhat.com/errata/RHSA-2024:2724
https://access.redhat.com/security/cve/CVE-2023-45290
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2724.html
https://go.dev/cl/569341
https://go.dev/issue/65383
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://linux.oracle.com/cve/CVE-2023-45290.html
https://linux.oracle.com/errata/ELSA-2024-2724.html
https://nvd.nist.gov/vuln/detail/CVE-2023-45290
https://pkg.go.dev/vuln/GO-2024-2599
https://security.netapp.com/advisory/ntap-20240329-0004/
https://www.cve.org/CVERecord?id=CVE-2023-45290
|
| stdlib |
CVE-2024-24783 |
MEDIUM |
1.20.12 |
1.21.8, 1.22.1 |
http://www.openwall.com/lists/oss-security/2024/03/08/4
https://access.redhat.com/errata/RHSA-2024:2724
https://access.redhat.com/security/cve/CVE-2024-24783
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2724.html
https://go.dev/cl/569339
https://go.dev/issue/65390
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://linux.oracle.com/cve/CVE-2024-24783.html
https://linux.oracle.com/errata/ELSA-2024-2724.html
https://nvd.nist.gov/vuln/detail/CVE-2024-24783
https://pkg.go.dev/vuln/GO-2024-2598
https://security.netapp.com/advisory/ntap-20240329-0005/
https://www.cve.org/CVERecord?id=CVE-2024-24783
|
| stdlib |
CVE-2024-24784 |
MEDIUM |
1.20.12 |
1.21.8, 1.22.1 |
http://www.openwall.com/lists/oss-security/2024/03/08/4
https://access.redhat.com/errata/RHSA-2024:2562
https://access.redhat.com/security/cve/CVE-2024-24784
https://bugzilla.redhat.com/2262921
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268021
https://bugzilla.redhat.com/2268022
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2562.html
https://go.dev/cl/555596
https://go.dev/issue/65083
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://linux.oracle.com/cve/CVE-2024-24784.html
https://linux.oracle.com/errata/ELSA-2024-2562.html
https://nvd.nist.gov/vuln/detail/CVE-2024-24784
https://pkg.go.dev/vuln/GO-2024-2609
https://security.netapp.com/advisory/ntap-20240329-0007/
https://www.cve.org/CVERecord?id=CVE-2024-24784
|
| stdlib |
CVE-2024-24785 |
MEDIUM |
1.20.12 |
1.21.8, 1.22.1 |
http://www.openwall.com/lists/oss-security/2024/03/08/4
https://access.redhat.com/errata/RHSA-2024:2562
https://access.redhat.com/security/cve/CVE-2024-24785
https://bugzilla.redhat.com/2262921
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268021
https://bugzilla.redhat.com/2268022
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2562.html
https://go.dev/cl/564196
https://go.dev/issue/65697
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://linux.oracle.com/cve/CVE-2024-24785.html
https://linux.oracle.com/errata/ELSA-2024-2562.html
https://nvd.nist.gov/vuln/detail/CVE-2024-24785
https://pkg.go.dev/vuln/GO-2024-2610
https://security.netapp.com/advisory/ntap-20240329-0008/
https://www.cve.org/CVERecord?id=CVE-2024-24785
|
| No Misconfigurations found |
|---|
| golang.org/x/crypto |
CVE-2023-48795 |
MEDIUM |
v0.14.0 |
0.17.0 |
http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
http://seclists.org/fulldisclosure/2024/Mar/21
http://www.openwall.com/lists/oss-security/2023/12/18/3
http://www.openwall.com/lists/oss-security/2023/12/19/5
http://www.openwall.com/lists/oss-security/2023/12/20/3
http://www.openwall.com/lists/oss-security/2024/03/06/3
http://www.openwall.com/lists/oss-security/2024/04/17/8
https://access.redhat.com/errata/RHSA-2024:1150
https://access.redhat.com/security/cve/CVE-2023-48795
https://access.redhat.com/security/cve/cve-2023-48795
https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack
https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/
https://bugs.gentoo.org/920280
https://bugzilla.redhat.com/2254210
https://bugzilla.redhat.com/show_bug.cgi?id=2254210
https://bugzilla.suse.com/show_bug.cgi?id=1217950
https://crates.io/crates/thrussh/versions
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795
https://errata.almalinux.org/9/ALSA-2024-1150.html
https://errata.rockylinux.org/RLSA-2024:0628
https://filezilla-project.org/versions.php
https://forum.netgate.com/topic/184941/terrapin-ssh-attack
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6
https://github.com/NixOS/nixpkgs/pull/275249
https://github.com/PowerShell/Win32-OpenSSH/issues/2189
https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta
https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0
https://github.com/TeraTermProject/teraterm/releases/tag/v5.1
https://github.com/advisories/GHSA-45x7-px36-x8w8
https://github.com/apache/mina-sshd/issues/445
https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab
https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22
https://github.com/cyd01/KiTTY/issues/520
https://github.com/drakkan/sftpgo/releases/tag/v2.5.6
https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42
https://github.com/erlang/otp/releases/tag/OTP-26.2.1
https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d
https://github.com/hierynomus/sshj/issues/916
https://github.com/janmojzis/tinyssh/issues/81
https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5
https://github.com/libssh2/libssh2/pull/1291
https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25
https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3
https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15
https://github.com/mwiede/jsch/issues/457
https://github.com/mwiede/jsch/pull/461
https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16
https://github.com/openssh/openssh-portable/commits/master
https://github.com/paramiko/paramiko/issues/2337
https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773
https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES
https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES
https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES
https://github.com/proftpd/proftpd/issues/456
https://github.com/rapier1/hpn-ssh/releases
https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55
https://github.com/ronf/asyncssh/tags
https://github.com/ssh-mitm/ssh-mitm/issues/165
https://github.com/warp-tech/russh
https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951
https://github.com/warp-tech/russh/releases/tag/v0.40.2
https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8
https://gitlab.com/libssh/libssh-mirror/-/tags
https://go.dev/cl/550715
https://go.dev/issue/64784
https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ
https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg
https://help.panic.com/releasenotes/transmit5
https://help.panic.com/releasenotes/transmit5/
https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795
https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/
https://linux.oracle.com/cve/CVE-2023-48795.html
https://linux.oracle.com/errata/ELSA-2024-12233.html
https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html
https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html
https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/
https://matt.ucc.asn.au/dropbear/CHANGES
https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC
https://news.ycombinator.com/item?id=38684904
https://news.ycombinator.com/item?id=38685286
https://news.ycombinator.com/item?id=38732005
https://nova.app/releases/#v11.8
https://nvd.nist.gov/vuln/detail/CVE-2023-48795
https://oryx-embedded.com/download/#changelog
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002
https://roumenpetrov.info/secsh/#news20231220
https://security-tracker.debian.org/tracker/CVE-2023-48795
https://security-tracker.debian.org/tracker/source-package/libssh2
https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg
https://security-tracker.debian.org/tracker/source-package/trilead-ssh2
https://security.gentoo.org/glsa/202312-16
https://security.gentoo.org/glsa/202312-17
https://security.netapp.com/advisory/ntap-20240105-0004
https://security.netapp.com/advisory/ntap-20240105-0004/
https://support.apple.com/kb/HT214084
https://terrapin-attack.com/
https://thorntech.com/cve-2023-48795-and-sftp-gateway
https://thorntech.com/cve-2023-48795-and-sftp-gateway/
https://twitter.com/TrueSkrillor/status/1736774389725565005
https://ubuntu.com/security/CVE-2023-48795
https://ubuntu.com/security/notices/USN-6560-1
https://ubuntu.com/security/notices/USN-6560-2
https://ubuntu.com/security/notices/USN-6561-1
https://ubuntu.com/security/notices/USN-6585-1
https://ubuntu.com/security/notices/USN-6589-1
https://ubuntu.com/security/notices/USN-6598-1
https://ubuntu.com/security/notices/USN-6738-1
https://winscp.net/eng/docs/history#6.2.2
https://www.bitvise.com/ssh-client-version-history#933
https://www.bitvise.com/ssh-server-version-history
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update
https://www.cve.org/CVERecord?id=CVE-2023-48795
https://www.debian.org/security/2023/dsa-5586
https://www.debian.org/security/2023/dsa-5588
https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc
https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508
https://www.netsarang.com/en/xshell-update-history
https://www.netsarang.com/en/xshell-update-history/
https://www.openssh.com/openbsd.html
https://www.openssh.com/txt/release-9.6
https://www.openwall.com/lists/oss-security/2023/12/18/2
https://www.openwall.com/lists/oss-security/2023/12/18/3
https://www.openwall.com/lists/oss-security/2023/12/20/3
https://www.paramiko.org/changelog.html
https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed
https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/
https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795
https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/
https://www.terrapin-attack.com
https://www.theregister.com/2023/12/20/terrapin_attack_ssh
https://www.vandyke.com/products/securecrt/history.txt
|
| stdlib |
CVE-2023-45288 |
HIGH |
1.20.12 |
1.21.9, 1.22.2 |
http://www.openwall.com/lists/oss-security/2024/04/03/16
http://www.openwall.com/lists/oss-security/2024/04/05/4
https://access.redhat.com/errata/RHSA-2024:2724
https://access.redhat.com/security/cve/CVE-2023-45288
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2724.html
https://go.dev/cl/576155
https://go.dev/issue/65051
https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M
https://linux.oracle.com/cve/CVE-2023-45288.html
https://linux.oracle.com/errata/ELSA-2024-2724.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/
https://nowotarski.info/http2-continuation-flood-technical-details
https://nowotarski.info/http2-continuation-flood/
https://nvd.nist.gov/vuln/detail/CVE-2023-45288
https://pkg.go.dev/vuln/GO-2024-2687
https://security.netapp.com/advisory/ntap-20240419-0009
https://security.netapp.com/advisory/ntap-20240419-0009/
https://www.cve.org/CVERecord?id=CVE-2023-45288
https://www.kb.cert.org/vuls/id/421644
|
| stdlib |
CVE-2023-45289 |
MEDIUM |
1.20.12 |
1.21.8, 1.22.1 |
http://www.openwall.com/lists/oss-security/2024/03/08/4
https://access.redhat.com/errata/RHSA-2024:2724
https://access.redhat.com/security/cve/CVE-2023-45289
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2724.html
https://go.dev/cl/569340
https://go.dev/issue/65065
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://linux.oracle.com/cve/CVE-2023-45289.html
https://linux.oracle.com/errata/ELSA-2024-2724.html
https://nvd.nist.gov/vuln/detail/CVE-2023-45289
https://pkg.go.dev/vuln/GO-2024-2600
https://security.netapp.com/advisory/ntap-20240329-0006/
https://www.cve.org/CVERecord?id=CVE-2023-45289
|
| stdlib |
CVE-2023-45290 |
MEDIUM |
1.20.12 |
1.21.8, 1.22.1 |
http://www.openwall.com/lists/oss-security/2024/03/08/4
https://access.redhat.com/errata/RHSA-2024:2724
https://access.redhat.com/security/cve/CVE-2023-45290
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2724.html
https://go.dev/cl/569341
https://go.dev/issue/65383
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://linux.oracle.com/cve/CVE-2023-45290.html
https://linux.oracle.com/errata/ELSA-2024-2724.html
https://nvd.nist.gov/vuln/detail/CVE-2023-45290
https://pkg.go.dev/vuln/GO-2024-2599
https://security.netapp.com/advisory/ntap-20240329-0004/
https://www.cve.org/CVERecord?id=CVE-2023-45290
|
| stdlib |
CVE-2024-24783 |
MEDIUM |
1.20.12 |
1.21.8, 1.22.1 |
http://www.openwall.com/lists/oss-security/2024/03/08/4
https://access.redhat.com/errata/RHSA-2024:2724
https://access.redhat.com/security/cve/CVE-2024-24783
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2724.html
https://go.dev/cl/569339
https://go.dev/issue/65390
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://linux.oracle.com/cve/CVE-2024-24783.html
https://linux.oracle.com/errata/ELSA-2024-2724.html
https://nvd.nist.gov/vuln/detail/CVE-2024-24783
https://pkg.go.dev/vuln/GO-2024-2598
https://security.netapp.com/advisory/ntap-20240329-0005/
https://www.cve.org/CVERecord?id=CVE-2024-24783
|
| stdlib |
CVE-2024-24784 |
MEDIUM |
1.20.12 |
1.21.8, 1.22.1 |
http://www.openwall.com/lists/oss-security/2024/03/08/4
https://access.redhat.com/errata/RHSA-2024:2562
https://access.redhat.com/security/cve/CVE-2024-24784
https://bugzilla.redhat.com/2262921
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268021
https://bugzilla.redhat.com/2268022
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2562.html
https://go.dev/cl/555596
https://go.dev/issue/65083
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://linux.oracle.com/cve/CVE-2024-24784.html
https://linux.oracle.com/errata/ELSA-2024-2562.html
https://nvd.nist.gov/vuln/detail/CVE-2024-24784
https://pkg.go.dev/vuln/GO-2024-2609
https://security.netapp.com/advisory/ntap-20240329-0007/
https://www.cve.org/CVERecord?id=CVE-2024-24784
|
| stdlib |
CVE-2024-24785 |
MEDIUM |
1.20.12 |
1.21.8, 1.22.1 |
http://www.openwall.com/lists/oss-security/2024/03/08/4
https://access.redhat.com/errata/RHSA-2024:2562
https://access.redhat.com/security/cve/CVE-2024-24785
https://bugzilla.redhat.com/2262921
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268021
https://bugzilla.redhat.com/2268022
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2562.html
https://go.dev/cl/564196
https://go.dev/issue/65697
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://linux.oracle.com/cve/CVE-2024-24785.html
https://linux.oracle.com/errata/ELSA-2024-2562.html
https://nvd.nist.gov/vuln/detail/CVE-2024-24785
https://pkg.go.dev/vuln/GO-2024-2610
https://security.netapp.com/advisory/ntap-20240329-0008/
https://www.cve.org/CVERecord?id=CVE-2024-24785
|
| No Misconfigurations found |
|---|
| golang.org/x/crypto |
CVE-2023-48795 |
MEDIUM |
v0.14.0 |
0.17.0 |
http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
http://seclists.org/fulldisclosure/2024/Mar/21
http://www.openwall.com/lists/oss-security/2023/12/18/3
http://www.openwall.com/lists/oss-security/2023/12/19/5
http://www.openwall.com/lists/oss-security/2023/12/20/3
http://www.openwall.com/lists/oss-security/2024/03/06/3
http://www.openwall.com/lists/oss-security/2024/04/17/8
https://access.redhat.com/errata/RHSA-2024:1150
https://access.redhat.com/security/cve/CVE-2023-48795
https://access.redhat.com/security/cve/cve-2023-48795
https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack
https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/
https://bugs.gentoo.org/920280
https://bugzilla.redhat.com/2254210
https://bugzilla.redhat.com/show_bug.cgi?id=2254210
https://bugzilla.suse.com/show_bug.cgi?id=1217950
https://crates.io/crates/thrussh/versions
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795
https://errata.almalinux.org/9/ALSA-2024-1150.html
https://errata.rockylinux.org/RLSA-2024:0628
https://filezilla-project.org/versions.php
https://forum.netgate.com/topic/184941/terrapin-ssh-attack
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6
https://github.com/NixOS/nixpkgs/pull/275249
https://github.com/PowerShell/Win32-OpenSSH/issues/2189
https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta
https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0
https://github.com/TeraTermProject/teraterm/releases/tag/v5.1
https://github.com/advisories/GHSA-45x7-px36-x8w8
https://github.com/apache/mina-sshd/issues/445
https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab
https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22
https://github.com/cyd01/KiTTY/issues/520
https://github.com/drakkan/sftpgo/releases/tag/v2.5.6
https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42
https://github.com/erlang/otp/releases/tag/OTP-26.2.1
https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d
https://github.com/hierynomus/sshj/issues/916
https://github.com/janmojzis/tinyssh/issues/81
https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5
https://github.com/libssh2/libssh2/pull/1291
https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25
https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3
https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15
https://github.com/mwiede/jsch/issues/457
https://github.com/mwiede/jsch/pull/461
https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16
https://github.com/openssh/openssh-portable/commits/master
https://github.com/paramiko/paramiko/issues/2337
https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773
https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES
https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES
https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES
https://github.com/proftpd/proftpd/issues/456
https://github.com/rapier1/hpn-ssh/releases
https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55
https://github.com/ronf/asyncssh/tags
https://github.com/ssh-mitm/ssh-mitm/issues/165
https://github.com/warp-tech/russh
https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951
https://github.com/warp-tech/russh/releases/tag/v0.40.2
https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8
https://gitlab.com/libssh/libssh-mirror/-/tags
https://go.dev/cl/550715
https://go.dev/issue/64784
https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ
https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg
https://help.panic.com/releasenotes/transmit5
https://help.panic.com/releasenotes/transmit5/
https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795
https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/
https://linux.oracle.com/cve/CVE-2023-48795.html
https://linux.oracle.com/errata/ELSA-2024-12233.html
https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html
https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html
https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/
https://matt.ucc.asn.au/dropbear/CHANGES
https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC
https://news.ycombinator.com/item?id=38684904
https://news.ycombinator.com/item?id=38685286
https://news.ycombinator.com/item?id=38732005
https://nova.app/releases/#v11.8
https://nvd.nist.gov/vuln/detail/CVE-2023-48795
https://oryx-embedded.com/download/#changelog
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002
https://roumenpetrov.info/secsh/#news20231220
https://security-tracker.debian.org/tracker/CVE-2023-48795
https://security-tracker.debian.org/tracker/source-package/libssh2
https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg
https://security-tracker.debian.org/tracker/source-package/trilead-ssh2
https://security.gentoo.org/glsa/202312-16
https://security.gentoo.org/glsa/202312-17
https://security.netapp.com/advisory/ntap-20240105-0004
https://security.netapp.com/advisory/ntap-20240105-0004/
https://support.apple.com/kb/HT214084
https://terrapin-attack.com/
https://thorntech.com/cve-2023-48795-and-sftp-gateway
https://thorntech.com/cve-2023-48795-and-sftp-gateway/
https://twitter.com/TrueSkrillor/status/1736774389725565005
https://ubuntu.com/security/CVE-2023-48795
https://ubuntu.com/security/notices/USN-6560-1
https://ubuntu.com/security/notices/USN-6560-2
https://ubuntu.com/security/notices/USN-6561-1
https://ubuntu.com/security/notices/USN-6585-1
https://ubuntu.com/security/notices/USN-6589-1
https://ubuntu.com/security/notices/USN-6598-1
https://ubuntu.com/security/notices/USN-6738-1
https://winscp.net/eng/docs/history#6.2.2
https://www.bitvise.com/ssh-client-version-history#933
https://www.bitvise.com/ssh-server-version-history
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update
https://www.cve.org/CVERecord?id=CVE-2023-48795
https://www.debian.org/security/2023/dsa-5586
https://www.debian.org/security/2023/dsa-5588
https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc
https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508
https://www.netsarang.com/en/xshell-update-history
https://www.netsarang.com/en/xshell-update-history/
https://www.openssh.com/openbsd.html
https://www.openssh.com/txt/release-9.6
https://www.openwall.com/lists/oss-security/2023/12/18/2
https://www.openwall.com/lists/oss-security/2023/12/18/3
https://www.openwall.com/lists/oss-security/2023/12/20/3
https://www.paramiko.org/changelog.html
https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed
https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/
https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795
https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/
https://www.terrapin-attack.com
https://www.theregister.com/2023/12/20/terrapin_attack_ssh
https://www.vandyke.com/products/securecrt/history.txt
|
| stdlib |
CVE-2023-45288 |
HIGH |
1.20.12 |
1.21.9, 1.22.2 |
http://www.openwall.com/lists/oss-security/2024/04/03/16
http://www.openwall.com/lists/oss-security/2024/04/05/4
https://access.redhat.com/errata/RHSA-2024:2724
https://access.redhat.com/security/cve/CVE-2023-45288
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2724.html
https://go.dev/cl/576155
https://go.dev/issue/65051
https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M
https://linux.oracle.com/cve/CVE-2023-45288.html
https://linux.oracle.com/errata/ELSA-2024-2724.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/
https://nowotarski.info/http2-continuation-flood-technical-details
https://nowotarski.info/http2-continuation-flood/
https://nvd.nist.gov/vuln/detail/CVE-2023-45288
https://pkg.go.dev/vuln/GO-2024-2687
https://security.netapp.com/advisory/ntap-20240419-0009
https://security.netapp.com/advisory/ntap-20240419-0009/
https://www.cve.org/CVERecord?id=CVE-2023-45288
https://www.kb.cert.org/vuls/id/421644
|
| stdlib |
CVE-2023-45289 |
MEDIUM |
1.20.12 |
1.21.8, 1.22.1 |
http://www.openwall.com/lists/oss-security/2024/03/08/4
https://access.redhat.com/errata/RHSA-2024:2724
https://access.redhat.com/security/cve/CVE-2023-45289
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2724.html
https://go.dev/cl/569340
https://go.dev/issue/65065
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://linux.oracle.com/cve/CVE-2023-45289.html
https://linux.oracle.com/errata/ELSA-2024-2724.html
https://nvd.nist.gov/vuln/detail/CVE-2023-45289
https://pkg.go.dev/vuln/GO-2024-2600
https://security.netapp.com/advisory/ntap-20240329-0006/
https://www.cve.org/CVERecord?id=CVE-2023-45289
|
| stdlib |
CVE-2023-45290 |
MEDIUM |
1.20.12 |
1.21.8, 1.22.1 |
http://www.openwall.com/lists/oss-security/2024/03/08/4
https://access.redhat.com/errata/RHSA-2024:2724
https://access.redhat.com/security/cve/CVE-2023-45290
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2724.html
https://go.dev/cl/569341
https://go.dev/issue/65383
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://linux.oracle.com/cve/CVE-2023-45290.html
https://linux.oracle.com/errata/ELSA-2024-2724.html
https://nvd.nist.gov/vuln/detail/CVE-2023-45290
https://pkg.go.dev/vuln/GO-2024-2599
https://security.netapp.com/advisory/ntap-20240329-0004/
https://www.cve.org/CVERecord?id=CVE-2023-45290
|
| stdlib |
CVE-2024-24783 |
MEDIUM |
1.20.12 |
1.21.8, 1.22.1 |
http://www.openwall.com/lists/oss-security/2024/03/08/4
https://access.redhat.com/errata/RHSA-2024:2724
https://access.redhat.com/security/cve/CVE-2024-24783
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2724.html
https://go.dev/cl/569339
https://go.dev/issue/65390
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://linux.oracle.com/cve/CVE-2024-24783.html
https://linux.oracle.com/errata/ELSA-2024-2724.html
https://nvd.nist.gov/vuln/detail/CVE-2024-24783
https://pkg.go.dev/vuln/GO-2024-2598
https://security.netapp.com/advisory/ntap-20240329-0005/
https://www.cve.org/CVERecord?id=CVE-2024-24783
|
| stdlib |
CVE-2024-24784 |
MEDIUM |
1.20.12 |
1.21.8, 1.22.1 |
http://www.openwall.com/lists/oss-security/2024/03/08/4
https://access.redhat.com/errata/RHSA-2024:2562
https://access.redhat.com/security/cve/CVE-2024-24784
https://bugzilla.redhat.com/2262921
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268021
https://bugzilla.redhat.com/2268022
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2562.html
https://go.dev/cl/555596
https://go.dev/issue/65083
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://linux.oracle.com/cve/CVE-2024-24784.html
https://linux.oracle.com/errata/ELSA-2024-2562.html
https://nvd.nist.gov/vuln/detail/CVE-2024-24784
https://pkg.go.dev/vuln/GO-2024-2609
https://security.netapp.com/advisory/ntap-20240329-0007/
https://www.cve.org/CVERecord?id=CVE-2024-24784
|
| stdlib |
CVE-2024-24785 |
MEDIUM |
1.20.12 |
1.21.8, 1.22.1 |
http://www.openwall.com/lists/oss-security/2024/03/08/4
https://access.redhat.com/errata/RHSA-2024:2562
https://access.redhat.com/security/cve/CVE-2024-24785
https://bugzilla.redhat.com/2262921
https://bugzilla.redhat.com/2268017
https://bugzilla.redhat.com/2268018
https://bugzilla.redhat.com/2268019
https://bugzilla.redhat.com/2268021
https://bugzilla.redhat.com/2268022
https://bugzilla.redhat.com/2268273
https://errata.almalinux.org/9/ALSA-2024-2562.html
https://go.dev/cl/564196
https://go.dev/issue/65697
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://linux.oracle.com/cve/CVE-2024-24785.html
https://linux.oracle.com/errata/ELSA-2024-2562.html
https://nvd.nist.gov/vuln/detail/CVE-2024-24785
https://pkg.go.dev/vuln/GO-2024-2610
https://security.netapp.com/advisory/ntap-20240329-0008/
https://www.cve.org/CVERecord?id=CVE-2024-24785
|
| No Misconfigurations found |
|---|