AZL-34942

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-34942.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-34942

Upstream

CVE-2023-6004

Published

2024-01-03T17:15:11Z

Modified

2026-04-01T05:12:46.920552Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L CVSS Calculator

Summary

CVE-2023-6004 affecting package libssh for versions less than 0.10.6-1

Details

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-6004

Affected packages

Azure Linux:3 / libssh

Package

Name: libssh
Purl: pkg:rpm/azure-linux/libssh

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.10.6-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-34942.json"