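In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name contains shell metacharacters and that name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in its user name or host name. Exposure depends on the client's ssh_config: the name has to be referenced through an expansion token such as %h or %u in a directive that runs a command (ProxyCommand, LocalCommand, or a Match exec predicate), so those directives are the ones to audit on clients that cannot yet move to 9.6 or later.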
{
"cna_assigner": "mitre",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/51xxx/CVE-2023-51385.json"
}{
"source": [
"CPE_RANGE",
"REFERENCES"
],
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "9.6"
}
],
"cpe": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*"
}"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-51385.json"
"2026-06-19T04:27:26Z"
[
{
"source": "https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a",
"target": {
"function": "main",
"file": "ssh.c"
},
"deprecated": false,
"id": "CVE-2023-51385-0a0232ee",
"digest": {
"function_hash": "70957496196284585050479216237541973508",
"length": 25589.0
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"source": "https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a",
"target": {
"file": "ssh.c"
},
"deprecated": false,
"id": "CVE-2023-51385-1f7f63ed",
"digest": {
"line_hashes": [
"302129403808892202751107050716447255615",
"131931615182977091926508911644840089378",
"292141981209210395634936391072959491054",
"163768464370795856549232577824910300828",
"228255596276621902893441569339173223720",
"54970469869008711962314518569320120653",
"292412567841264930351270340709776136395"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
}
]