CVE-2023-38408

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-38408
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-38408.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-38408
Related
Published
2023-07-20T03:15:10Z
Modified
2024-12-05T15:37:37.858156Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.

References

Affected packages

Alpine:v3.16 / openssh

Package

Name
openssh
Purl
pkg:apk/alpine/openssh?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.0_p1-r4

Affected versions

5.*

5.1p1-r0
5.1_p1-r1
5.1_p1-r2
5.2_p1-r0
5.2_p1-r1
5.2_p1-r2
5.2_p1-r3
5.3_p1-r3
5.4_p1-r0
5.4_p1-r1
5.4_p1-r2
5.4_p1-r3
5.5_p1-r0
5.6_p1-r0
5.6_p1-r1
5.8_p1-r0
5.8_p1-r1
5.8_p1-r2
5.8_p2-r0
5.8_p2-r1
5.8_p2-r2
5.9_p1-r0
5.9_p1-r1
5.9_p1-r2

6.*

6.0_p1-r0
6.1_p1-r0
6.1_p1-r1
6.1_p1-r2
6.2_p1-r0
6.2_p2-r0
6.2_p2-r1
6.2_p2-r2
6.3_p1-r0
6.3_p1-r1
6.3_p1-r2
6.4_p1-r0
6.4_p1-r1
6.6_p1-r0
6.6_p1-r1
6.6_p1-r2
6.6_p1-r3
6.6_p1-r4
6.6_p1-r5
6.6_p1-r6
6.7_p1-r0
6.8_p1-r0
6.8_p1-r1
6.8_p1-r2
6.9_p1-r0
6.9_p1-r1
6.9_p1-r2
6.9_p1-r3
6.9_p1-r4
6.9_p1-r5

7.*

7.1_p1-r0
7.1_p1-r1
7.1_p2-r0
7.2_p1-r0
7.2_p2-r0
7.2_p2-r1
7.3_p1-r0
7.3_p1-r1
7.3_p1-r2
7.4_p1-r0
7.4_p1-r1
7.4_p1-r2
7.5_p1-r0
7.5_p1-r1
7.5_p1-r2
7.5_p1-r3
7.5_p1-r4
7.5_p1-r5
7.5_p1-r6
7.5_p1-r7
7.5_p1-r8
7.6_p1-r0
7.6_p1-r1
7.7_p1-r0
7.7_p1-r1
7.7_p1-r2
7.7_p1-r3
7.7_p1-r4
7.8_p1-r0
7.9_p1-r0
7.9_p1-r1
7.9_p1-r2
7.9_p1-r3
7.9_p1-r4
7.9_p1-r5

8.*

8.0_p1-r0
8.0_p1-r1
8.0_p1-r2
8.1_p1-r0
8.2_p1-r0
8.3_p1-r0
8.4_p1-r0
8.4_p1-r1
8.4_p1-r2
8.4_p1-r3
8.5_p1-r0
8.5_p1-r1
8.5_p1-r2
8.6_p1-r0
8.6_p1-r1
8.6_p1-r2
8.6_p1-r3
8.6_p1-r4
8.8_p1-r0
8.8_p1-r1
8.8_p1-r2
8.8_p1-r3
8.8_p1-r4
8.9_p1-r0

9.*

9.0_p1-r0
9.0_p1-r1
9.0_p1-r2
9.0_p1-r3

Alpine:v3.17 / openssh

Package

Name
openssh
Purl
pkg:apk/alpine/openssh?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.1_p1-r4

Affected versions

5.*

5.1p1-r0
5.1_p1-r1
5.1_p1-r2
5.2_p1-r0
5.2_p1-r1
5.2_p1-r2
5.2_p1-r3
5.3_p1-r3
5.4_p1-r0
5.4_p1-r1
5.4_p1-r2
5.4_p1-r3
5.5_p1-r0
5.6_p1-r0
5.6_p1-r1
5.8_p1-r0
5.8_p1-r1
5.8_p1-r2
5.8_p2-r0
5.8_p2-r1
5.8_p2-r2
5.9_p1-r0
5.9_p1-r1
5.9_p1-r2

6.*

6.0_p1-r0
6.1_p1-r0
6.1_p1-r1
6.1_p1-r2
6.2_p1-r0
6.2_p2-r0
6.2_p2-r1
6.2_p2-r2
6.3_p1-r0
6.3_p1-r1
6.3_p1-r2
6.4_p1-r0
6.4_p1-r1
6.6_p1-r0
6.6_p1-r1
6.6_p1-r2
6.6_p1-r3
6.6_p1-r4
6.6_p1-r5
6.6_p1-r6
6.7_p1-r0
6.8_p1-r0
6.8_p1-r1
6.8_p1-r2
6.9_p1-r0
6.9_p1-r1
6.9_p1-r2
6.9_p1-r3
6.9_p1-r4
6.9_p1-r5

7.*

7.1_p1-r0
7.1_p1-r1
7.1_p2-r0
7.2_p1-r0
7.2_p2-r0
7.2_p2-r1
7.3_p1-r0
7.3_p1-r1
7.3_p1-r2
7.4_p1-r0
7.4_p1-r1
7.4_p1-r2
7.5_p1-r0
7.5_p1-r1
7.5_p1-r2
7.5_p1-r3
7.5_p1-r4
7.5_p1-r5
7.5_p1-r6
7.5_p1-r7
7.5_p1-r8
7.6_p1-r0
7.6_p1-r1
7.7_p1-r0
7.7_p1-r1
7.7_p1-r2
7.7_p1-r3
7.7_p1-r4
7.8_p1-r0
7.9_p1-r0
7.9_p1-r1
7.9_p1-r2
7.9_p1-r3
7.9_p1-r4
7.9_p1-r5

8.*

8.0_p1-r0
8.0_p1-r1
8.0_p1-r2
8.1_p1-r0
8.2_p1-r0
8.3_p1-r0
8.4_p1-r0
8.4_p1-r1
8.4_p1-r2
8.4_p1-r3
8.5_p1-r0
8.5_p1-r1
8.5_p1-r2
8.6_p1-r0
8.6_p1-r1
8.6_p1-r2
8.6_p1-r3
8.6_p1-r4
8.8_p1-r0
8.8_p1-r1
8.8_p1-r2
8.8_p1-r3
8.8_p1-r4
8.9_p1-r0

9.*

9.0_p1-r0
9.0_p1-r1
9.0_p1-r2
9.0_p1-r3
9.0_p1-r4
9.1_p1-r0
9.1_p1-r1
9.1_p1-r2
9.1_p1-r3

Alpine:v3.19 / openssh

Package

Name
openssh
Purl
pkg:apk/alpine/openssh?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0

Alpine:v3.20 / openssh

Package

Name
openssh
Purl
pkg:apk/alpine/openssh?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0

Alpine:v3.21 / openssh

Package

Name
openssh
Purl
pkg:apk/alpine/openssh?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0

Debian:11 / openssh

Package

Name
openssh
Purl
pkg:deb/debian/openssh?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:8.4p1-5+deb11u2

Affected versions

1:8.*

1:8.4p1-5
1:8.4p1-5+deb11u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / openssh

Package

Name
openssh
Purl
pkg:deb/debian/openssh?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:9.2p1-2+deb12u1

Affected versions

1:9.*

1:9.2p1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / openssh

Package

Name
openssh
Purl
pkg:deb/debian/openssh?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:9.3p2-1

Affected versions

1:9.*

1:9.2p1-2
1:9.3p1-1
1:9.3p1-1+loong64

Ecosystem specific

{
    "urgency": "not yet assigned"
}