CVE-2023-51767

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2023-51767

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-51767.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-51767

Related

CGA-48mc-52qc-4c82

Published

2023-12-24T07:15:00Z

Modified

2023-12-24T07:15:00Z

Severity

7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mmanswerauthpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.

References

Affected packages

Ubuntu:Pro:14.04:LTS / openssh

Package

Name: openssh
Purl: pkg:deb/ubuntu/openssh

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:6.*

1:6.2p2-6

1:6.2p2-6ubuntu1

1:6.4p1-1

1:6.4p1-2

1:6.5p1-1

1:6.5p1-2

1:6.5p1-3

1:6.5p1-4

1:6.5p1-6

1:6.6p1-1

1:6.6p1-2

1:6.6p1-2ubuntu1

1:6.6p1-2ubuntu2

1:6.6p1-2ubuntu2.2

1:6.6p1-2ubuntu2.3

1:6.6p1-2ubuntu2.4

1:6.6p1-2ubuntu2.6

1:6.6p1-2ubuntu2.7

1:6.6p1-2ubuntu2.8

1:6.6p1-2ubuntu2.10

1:6.6p1-2ubuntu2.11

1:6.6p1-2ubuntu2.12

1:6.6p1-2ubuntu2.13

1:6.6p1-2ubuntu2.13+esm1

1:6.6p1-2ubuntu2.13+esm2

Ubuntu:Pro:16.04:LTS / openssh

Package

Name: openssh
Purl: pkg:deb/ubuntu/openssh

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:6.*

1:6.9p1-2

1:6.9p1-3

1:7.*

1:7.1p1-1

1:7.1p1-3

1:7.1p1-4

1:7.1p1-6

1:7.1p2-1

1:7.1p2-2

1:7.2p1-1

1:7.2p2-1

1:7.2p2-2

1:7.2p2-3

1:7.2p2-4

1:7.2p2-4ubuntu1

1:7.2p2-4ubuntu2.1

1:7.2p2-4ubuntu2.2

1:7.2p2-4ubuntu2.4

1:7.2p2-4ubuntu2.5

1:7.2p2-4ubuntu2.6

1:7.2p2-4ubuntu2.7

1:7.2p2-4ubuntu2.8

1:7.2p2-4ubuntu2.10

1:7.2p2-4ubuntu2.10+esm1

1:7.2p2-4ubuntu2.10+esm2

1:7.2p2-4ubuntu2.10+esm3

1:7.2p2-4ubuntu2.10+esm4

1:7.2p2-4ubuntu2.10+esm5

Ubuntu:Pro:18.04:LTS / openssh

Package

Name: openssh
Purl: pkg:deb/ubuntu/openssh

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:7.*

1:7.5p1-10

1:7.6p1-4

1:7.6p1-4ubuntu0.1

1:7.6p1-4ubuntu0.2

1:7.6p1-4ubuntu0.3

1:7.6p1-4ubuntu0.5

1:7.6p1-4ubuntu0.6

1:7.6p1-4ubuntu0.7

1:7.6p1-4ubuntu0.7+esm1

1:7.6p1-4ubuntu0.7+esm2

1:7.6p1-4ubuntu0.7+esm3

Ubuntu:Pro:18.04:LTS / openssh-ssh1

Package

Name: openssh-ssh1
Purl: pkg:deb/ubuntu/openssh-ssh1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:7.*

1:7.5p1-8

1:7.5p1-9

1:7.5p1-9build1

1:7.5p1-10

Ubuntu:20.04:LTS / openssh

Package

Name: openssh
Purl: pkg:deb/ubuntu/openssh

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:8.*

1:8.0p1-6build1

1:8.1p1-1

1:8.1p1-5

1:8.2p1-4

1:8.2p1-4ubuntu0.1

1:8.2p1-4ubuntu0.2

1:8.2p1-4ubuntu0.3

1:8.2p1-4ubuntu0.4

1:8.2p1-4ubuntu0.5

1:8.2p1-4ubuntu0.7

1:8.2p1-4ubuntu0.8

1:8.2p1-4ubuntu0.9

1:8.2p1-4ubuntu0.10

1:8.2p1-4ubuntu0.11

Ubuntu:20.04:LTS / openssh-ssh1

Package

Name: openssh-ssh1
Purl: pkg:deb/ubuntu/openssh-ssh1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:7.*

1:7.5p1-11build1

Ubuntu:22.04:LTS / openssh

Package

Name: openssh
Purl: pkg:deb/ubuntu/openssh

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:8.*

1:8.4p1-6ubuntu2

1:8.7p1-2

1:8.7p1-2build1

1:8.7p1-4

1:8.8p1-1

1:8.9p1-3

1:8.9p1-3ubuntu0.1

1:8.9p1-3ubuntu0.3

1:8.9p1-3ubuntu0.4

1:8.9p1-3ubuntu0.5

1:8.9p1-3ubuntu0.6

1:8.9p1-3ubuntu0.7

1:8.9p1-3ubuntu0.10

Ubuntu:22.04:LTS / openssh-ssh1

Package

Name: openssh-ssh1
Purl: pkg:deb/ubuntu/openssh-ssh1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:7.*

1:7.5p1-12

1:7.5p1-12build1

1:7.5p1-13