DEBIAN-CVE-2023-51767

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2023-51767

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-51767.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-51767

Upstream

CVE-2023-51767

Withdrawn

2025-09-25T04:39:33.181965Z

Published

2023-12-24T07:15:07Z

Modified

2025-09-18T05:18:02Z

Summary

[none]

Details

OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mmanswerauthpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.

References

https://security-tracker.debian.org/tracker/CVE-2023-51767

Affected packages

Debian:11 / openssh

Package

Name: openssh
Purl: pkg:deb/debian/openssh?arch=source

Affected ranges

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / openssh

Package

Name: openssh
Purl: pkg:deb/debian/openssh?arch=source

Affected ranges

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / openssh

Package

Name: openssh
Purl: pkg:deb/debian/openssh?arch=source

Affected ranges

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:14 / openssh

Package

Name: openssh
Purl: pkg:deb/debian/openssh?arch=source

Affected ranges

Ecosystem specific

{
    "urgency": "unimportant"
}