CVE-2023-51384

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-51384
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-51384.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-51384
Downstream
Published
2023-12-18T19:15:08.720Z
Modified
2026-04-16T00:10:37.967120159Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.

Database specific 
{
    "unresolved_ranges": [
        {
            "cpe": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "11.0"
                }
            ]
        },
        {
            "cpe": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "12.0"
                }
            ]
        }
    ]
}
References

Affected packages

Git / github.com/openssh/openssh-portable

Affected ranges

Type
GIT
Repo
https://github.com/openssh/openssh-portable
Events
Introduced
166456cedad3962b83b848b1e9caf80794831f0f
Fixed
8241b9c0529228b4b86d88b1a6076fb9f97e4a99
Fixed
881d9c6af9da4257c69c327c4e2f1508b2fa754b
Database specific 
{
    "cpe": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
    "source": [
        "CPE_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "8.9"
        },
        {
            "fixed": "9.6"
        }
    ]
}

Affected versions

Other
V_8_9_P1
V_9_0_P1
V_9_1_P1
V_9_2_P1
V_9_3_P1
V_9_5_P1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-51384.json"
vanir_signatures_modified 
"2026-04-12T08:24:17Z"
vanir_signatures 
[
    {
        "deprecated": false,
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "165133495389554297912767730419079343328",
                "51357999955434305010492097827526105056",
                "237719418229141719700376624699526783696",
                "222509662087054981858724365674461944310",
                "77877875258432041824660753117188147160",
                "260180419508842306242026762219675778977",
                "319395782123128356350823936054264886001",
                "172655592712497241375021799634740338404",
                "183399105187236692764150687158924405640",
                "13300799163786537476821050767830715023",
                "221711053435872488017755765670535943696",
                "291311572882749541789877283323457299620",
                "210924518203033044114707095992339301332",
                "19911762018547012148449969924601994575",
                "277594480068207267620304023861492235757",
                "250061180844054679988232107686823032932",
                "187077904320853389933675193085424106859",
                "205896619791922447934686386543737829507",
                "45893456774503555158027456471775856766",
                "288516979117290764510509880060259271743",
                "132582832762637166722279977939824181863",
                "97735314150398434170463706927390337055",
                "307173292080022353125029275547071352355",
                "92036182733966272299927009172134763297",
                "22940543327438639525058052641308751744",
                "252438227409640733494615835613228794155",
                "202457347594211403788944331955161749688"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "ssh-agent.c"
        },
        "source": "https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b",
        "signature_version": "v1",
        "id": "CVE-2023-51384-04095291"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "digest": {
            "function_hash": "175177923229075572065215605283815395961",
            "length": 950.0
        },
        "target": {
            "file": "ssh-agent.c",
            "function": "process_request_identities"
        },
        "source": "https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b",
        "signature_version": "v1",
        "id": "CVE-2023-51384-25d81cb7"
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "digest": {
            "function_hash": "214910033270401005651023148364417079835",
            "length": 2617.0
        },
        "target": {
            "file": "ssh-agent.c",
            "function": "process_add_identity"
        },
        "source": "https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b",
        "signature_version": "v1",
        "id": "CVE-2023-51384-344f481f"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "digest": {
            "function_hash": "149225205320621043989436734866009309103",
            "length": 1972.0
        },
        "target": {
            "file": "ssh-agent.c",
            "function": "process_add_smartcard_key"
        },
        "source": "https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b",
        "signature_version": "v1",
        "id": "CVE-2023-51384-c3bcb8ae"
    }
]