CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)
First published: Tue Dec 12 2023(Updated: )
### Summary Terrapin is a prefix truncation attack targeting the SSH protocol. More precisely, Terrapin breaks the integrity of SSH's secure channel. By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at the beginning of the secure channel without the client or server noticing it. ### Mitigations To mitigate this protocol vulnerability, OpenSSH suggested a so-called "strict kex" which alters the SSH handshake to ensure a Man-in-the-Middle attacker cannot introduce unauthenticated messages as well as convey sequence number manipulation across handshakes. **Warning: To take effect, both the client and server must support this countermeasure.** As a stop-gap measure, peers may also (temporarily) disable the affected algorithms and use unaffected alternatives like AES-GCM instead until patches are available. ### Details The SSH specifications of ChaCha20-Poly1305 (chacha20-poly1305@openssh.com) and Encrypt-then-MAC (*-etm@openssh.com MACs) are vulnerable against an arbitrary prefix truncation attack (a.k.a. Terrapin attack). This allows for an extension negotiation downgrade by stripping the SSH_MSG_EXT_INFO sent after the first message after SSH_MSG_NEWKEYS, downgrading security, and disabling attack countermeasures in some versions of OpenSSH. When targeting Encrypt-then-MAC, this attack requires the use of a CBC cipher to be practically exploitable due to the internal workings of the cipher mode. Additionally, this novel attack technique can be used to exploit previously unexploitable implementation flaws in a Man-in-the-Middle scenario. The attack works by an attacker injecting an arbitrary number of SSH_MSG_IGNORE messages during the initial key exchange and consequently removing the same number of messages just after the initial key exchange has concluded. This is possible due to missing authentication of the excess SSH_MSG_IGNORE messages and the fact that the implicit sequence numbers used within the SSH protocol are only checked after the initial key exchange. In the case of ChaCha20-Poly1305, the attack is guaranteed to work on every connection as this cipher does not maintain an internal state other than the message's sequence number. In the case of Encrypt-Then-MAC, practical exploitation requires the use of a CBC cipher; while theoretical integrity is broken for all ciphers when using this mode, message processing will fail at the application layer for CTR and stream ciphers. For more details see [https://terrapin-attack.com](https://terrapin-attack.com). ### Impact This attack targets the specification of ChaCha20-Poly1305 (chacha20-poly1305@openssh.com) and Encrypt-then-MAC (*-etm@openssh.com), which are widely adopted by well-known SSH implementations and can be considered de-facto standard. These algorithms can be practically exploited; however, in the case of Encrypt-Then-MAC, we additionally require the use of a CBC cipher. As a consequence, this attack works against all well-behaving SSH implementations supporting either of those algorithms and can be used to downgrade (but not fully strip) connection security in case SSH extension negotiation (RFC8308) is supported. The attack may also enable attackers to exploit certain implementation flaws in a man-in-the-middle (MitM) scenario.
Credit: cve@mitre.org cve@mitre.org CVE-2023-48795 CVE-2023-51384 CVE-2023-51385
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Openbsd Openssh | <9.6 | |
| Putty Putty | <0.80 | |
| Filezilla-project Filezilla Client | <3.66.4 | |
| Microsoft PowerShell | <=11.1.0 | |
| All of | ||
| Panic Transmit 5 | <5.10.4 | |
| Apple macOS | ||
| All of | ||
| Panic Nova | <11.8 | |
| Apple macOS | ||
| Roumenpetrov Pkixssh | <14.4 | |
| Winscp Winscp | <6.2.2 | |
| Bitvise SSH Client | <9.33 | |
| Bitvise SSH Server | <9.32 | |
| Lancom-systems Lcos | <=3.66.4 | |
| Lancom-systems Lcos Fx | ||
| Lancom-systems Lcos Lx | ||
| Lancom-systems Lcos Sx | =4.20 | |
| Lancom-systems Lcos Sx | =5.20 | |
| Lancom-systems Lanconfig | ||
| Vandyke Securecrt | <9.4.3 | |
| Libssh Libssh | <0.10.6 | |
| Net-ssh Net-ssh Ruby | =7.2.0 | |
| Ssh2 Project Ssh2 Node.js | <=1.11.0 | |
| Proftpd Proftpd | <=1.3.8b | |
| FreeBSD FreeBSD | <=12.4 | |
| Crates Thrussh | <0.35.1 | |
| Tera Term Project Tera Term | <=5.1 | |
| Oryx-embedded Cyclone Ssh | <2.3.4 | |
| CrushFTP CrushFTP | <=10.6.0 | |
| NetSarang XShell 7 | <build__0144 | |
| Paramiko Paramiko | <3.4.0 | |
| Redhat Openshift Container Platform | =4.0 | |
| Redhat Openstack Platform | =16.1 | |
| Redhat Openstack Platform | =16.2 | |
| Redhat Openstack Platform | =17.1 | |
| Redhat Ceph Storage | =6.0 | |
| Redhat Enterprise Linux | =8.0 | |
| Redhat Enterprise Linux | =9.0 | |
| Redhat Openshift Serverless | ||
| Redhat Openshift Gitops | ||
| Redhat Openshift Pipelines | ||
| Redhat Openshift Developer Tools And Services | ||
| Redhat Openshift Data Foundation | =4.0 | |
| Redhat Openshift Api For Data Protection | ||
| Redhat Openshift Virtualization | =4 | |
| Redhat Storage | =3.0 | |
| Redhat Discovery | ||
| Redhat Openshift Dev Spaces | ||
| Redhat Cert-manager Operator For Red Hat Openshift | ||
| Redhat Keycloak | ||
| Redhat Jboss Enterprise Application Platform | =7.0 | |
| Redhat Single Sign-on | =7.0 | |
| Redhat Advanced Cluster Security | =3.0 | |
| Redhat Advanced Cluster Security | =4.0 | |
| Golang Crypto | <0.17.0 | |
| Russh Project Russh Rust | <0.40.2 | |
| Sftpgo Project Sftpgo | <2.5.6 | |
| Erlang Erlang\/otp | <26.2.1 | |
| Matez Jsch | <0.2.15 | |
| Libssh2 Libssh2 | <1.11.10 | |
| Asyncssh Project Asyncssh | <2.14.2 | |
| Dropbear Ssh Project Dropbear Ssh | <2022.83 | |
| Jadaptive Maverick Synergy Java Ssh Api | <3.1.0-snapshot | |
| Ssh Ssh | <5.11 | |
| Thorntech Sftp Gateway Firmware | <3.4.6 | |
| Netgate pfSense Plus | <=23.09.1 | |
| Netgate pfSense CE | <=2.7.2 | |
| CrushFTP CrushFTP | <10.6.0 | |
| Connectbot Sshlib | <2.2.22 | |
| Apache Sshd | <=2.11.0 | |
| Apache Sshj | <=0.37.0 | |
| Tinyssh Tinyssh | <=20230101 | |
| Trilead Ssh2 | =6401 | |
| 9bis Kitty | <=0.76.1.13 | |
| All of | ||
| Gentoo Security | ||
| Debian Debian Linux | ||
| Fedoraproject Fedora | =38 | |
| Fedoraproject Fedora | =39 | |
| Debian Debian Linux | =10.0 | |
| Apple macOS | >=14.0<14.4 | |
| pip/paramiko | >=2.5.0<3.4.0 | 3.4.0 |
| go/golang.org/x/crypto | <0.17.0 | 0.17.0 |
| rust/russh | <0.40.2 | 0.40.2 |
| Apple macOS Sonoma | <14.4 | 14.4 |
| IBM Concert Software | <=1.0.0 - 1.0.1 | |
| redhat/PuTTY | <0.80 | 0.80 |
| redhat/AsyncSSH | <2.14.1 | 2.14.1 |
| redhat/libssh | <0.9.8 | 0.9.8 |
| redhat/libssh | <0.10.6 | 0.10.6 |
| redhat/golang.org/x/crypto/ssh | <0.17.0 | 0.17.0 |
| debian/dropbear | 2020.81-3+deb11u2 2022.83-1+deb12u2 2024.86-1 | |
| debian/erlang | <=1:23.2.6+dfsg-1+deb11u1<=1:25.2.3+dfsg-1 | 1:25.3.2.12+dfsg-3 |
| debian/filezilla | 3.52.2-3+deb11u1 3.63.0-1+deb12u3 3.68.0-1 | |
| debian/golang-go.crypto | <=1:0.0~git20201221.eec23a3-1<=1:0.4.0-1 | 1:0.25.0-1 |
| debian/jsch | 0.1.55-1 0.2.19-1 | |
| debian/libssh | 0.9.8-0+deb11u1 0.10.6-0+deb12u1 0.11.1-1 | |
| debian/libssh2 | 1.9.0-2+deb11u1 1.10.0-3 1.11.1-1 | |
| debian/openssh | 1:8.4p1-5+deb11u3 1:9.2p1-2+deb12u3 1:9.9p1-3 | |
| debian/paramiko | <=2.7.2-1<=2.12.0-2 | 3.4.1-2 |
| debian/php-phpseclib | 2.0.30-2+deb11u2 2.0.30-2+deb11u1 2.0.42-1+deb12u2 2.0.42-1+deb12u1 2.0.47-3 | |
| debian/php-phpseclib3 | 3.0.19-1+deb12u3 3.0.19-1+deb12u2 3.0.42-1 | |
| debian/phpseclib | 1.0.19-3+deb11u2 1.0.19-3+deb11u1 1.0.20-1+deb12u2 1.0.20-1+deb12u1 1.0.23-3 | |
| debian/proftpd-dfsg | <=1.3.7a+dfsg-12+deb11u2 | 1.3.8+dfsg-4+deb12u3 1.3.8.b+dfsg-4 |
| debian/proftpd-mod-proxy | <=0.7-1 | 0.9.2-1+deb12u1 0.9.4-1 |
| debian/putty | 0.74-1+deb11u2 0.74-1+deb11u1 0.78-2+deb12u2 0.78-2+deb12u1 0.81-3 | |
| debian/python-asyncssh | <=2.5.0-0.1 | 2.5.0-0.1+deb11u1 2.10.1-2+deb12u1 2.18.0-1 |
| debian/tinyssh | <=20190101-1+deb11u1<=20230101-1 | 20241111-1 |
| debian/trilead-ssh2 | <=6401+svn158-1.1 |
Remedy
https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16
Remedy
https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.theregister.com/2023/12/20/terrapin_attack_ssh/
- http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
- http://seclists.org/fulldisclosure/2024/Mar/21
- http://www.openwall.com/lists/oss-security/2023/12/18/3
- http://www.openwall.com/lists/oss-security/2023/12/19/5
- http://www.openwall.com/lists/oss-security/2023/12/20/3
- http://www.openwall.com/lists/oss-security/2024/03/06/3
- http://www.openwall.com/lists/oss-security/2024/04/17/8
- https://access.redhat.com/security/cve/cve-2023-48795
- https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/
- https://bugs.gentoo.org/920280
- https://bugzilla.redhat.com/show_bug.cgi?id=2254210
- https://bugzilla.suse.com/show_bug.cgi?id=1217950
- https://crates.io/crates/thrussh/versions
- https://filezilla-project.org/versions.php
- https://forum.netgate.com/topic/184941/terrapin-ssh-attack
- https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6
- https://github.com/NixOS/nixpkgs/pull/275249
- https://github.com/PowerShell/Win32-OpenSSH/issues/2189
- https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta
- https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0
- https://github.com/TeraTermProject/teraterm/releases/tag/v5.1
- https://github.com/advisories/GHSA-45x7-px36-x8w8 (Advisory)
- https://github.com/apache/mina-sshd/issues/445
- https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab
- https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22
- https://github.com/cyd01/KiTTY/issues/520
- https://github.com/drakkan/sftpgo/releases/tag/v2.5.6
- https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42
- https://github.com/erlang/otp/releases/tag/OTP-26.2.1
- https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d
- https://github.com/hierynomus/sshj/issues/916
- https://github.com/janmojzis/tinyssh/issues/81
- https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5
- https://github.com/libssh2/libssh2/pull/1291
- https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25
- https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3
- https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15
- https://github.com/mwiede/jsch/issues/457
- https://github.com/mwiede/jsch/pull/461
- https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16
- https://github.com/openssh/openssh-portable/commits/master
- https://github.com/paramiko/paramiko/issues/2337
- https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES
- https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES
- https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES
- https://github.com/proftpd/proftpd/issues/456
- https://github.com/rapier1/hpn-ssh/releases
- https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
- https://github.com/ronf/asyncssh/tags
- https://github.com/ssh-mitm/ssh-mitm/issues/165
- https://github.com/warp-tech/russh/releases/tag/v0.40.2
- https://gitlab.com/libssh/libssh-mirror/-/tags
- https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ
- https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg
- https://help.panic.com/releasenotes/transmit5/
- https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/
- https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html
- https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html
- https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html
- https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/
- https://matt.ucc.asn.au/dropbear/CHANGES
- https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC
- https://news.ycombinator.com/item?id=38684904
- https://news.ycombinator.com/item?id=38685286
- https://news.ycombinator.com/item?id=38732005
- https://nova.app/releases/#v11.8
- https://oryx-embedded.com/download/#changelog
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002
- https://roumenpetrov.info/secsh/#news20231220
- https://security-tracker.debian.org/tracker/CVE-2023-48795
- https://security-tracker.debian.org/tracker/source-package/libssh2
- https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg
- https://security-tracker.debian.org/tracker/source-package/trilead-ssh2
- https://security.gentoo.org/glsa/202312-16
- https://security.gentoo.org/glsa/202312-17
- https://security.netapp.com/advisory/ntap-20240105-0004/
- https://support.apple.com/kb/HT214084
- https://thorntech.com/cve-2023-48795-and-sftp-gateway/
- https://twitter.com/TrueSkrillor/status/1736774389725565005
- https://ubuntu.com/security/CVE-2023-48795
- https://winscp.net/eng/docs/history#6.2.2
- https://www.bitvise.com/ssh-client-version-history#933
- https://www.bitvise.com/ssh-server-version-history
- https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
- https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update
- https://www.debian.org/security/2023/dsa-5586
- https://www.debian.org/security/2023/dsa-5588
- https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc
- https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508
- https://www.netsarang.com/en/xshell-update-history/
- https://www.openssh.com/openbsd.html
- https://www.openssh.com/txt/release-9.6
- https://www.openwall.com/lists/oss-security/2023/12/18/2
- https://www.openwall.com/lists/oss-security/2023/12/20/3
- https://www.paramiko.org/changelog.html
- https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/
- https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/
- https://www.terrapin-attack.com
- https://www.theregister.com/2023/12/20/terrapin_attack_ssh
- https://www.vandyke.com/products/securecrt/history.txt
- https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8
- https://nvd.nist.gov/vuln/detail/CVE-2023-48795
- https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951
- https://go.dev/cl/550715
- https://go.dev/issue/64784
- https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773
- https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack
- https://help.panic.com/releasenotes/transmit5
- https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7
- https://security.netapp.com/advisory/ntap-20240105-0004
- https://thorntech.com/cve-2023-48795-and-sftp-gateway
- https://www.netsarang.com/en/xshell-update-history
- https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed
- https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795
- https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/
- https://launchpad.net/bugs/cve/CVE-2023-48795
- https://support.apple.com/en-us/HT214084 (Advisory)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795
- https://www.ibm.com/support/pages/node/7173596 (Advisory)
- https://terrapin-attack.com/
- https://www.openwall.com/lists/oss-security/2023/12/18/3
- https://github.com/mkj/dropbear/commit/6e43be5c7b99dbee49dc72b6f989f29fdd7e9356
- https://github.com/erlang/otp/commit/ee67d46285394db95133709cef74b0c462d665aa
- https://svn.filezilla-project.org/filezilla?view=revision&revision=11047
- https://svn.filezilla-project.org/filezilla?view=revision&revision=11048
- https://svn.filezilla-project.org/filezilla?view=revision&revision=11049
- https://github.com/golang/go/issues/64784
- https://github.com/norrisjeremy/jsch/commit/6214da974286a8b94a95f4cf6cec96e972ffd370
- https://www.libssh.org/security/advisories/CVE-2023-48795.txt
- https://gitlab.com/libssh/libssh-mirror/-/commit/4cef5e965a46e9271aed62631b152e4bd23c1e3c
- https://gitlab.com/libssh/libssh-mirror/-/commit/0870c8db28be9eb457ee3d4f9a168959d9507efd
- https://gitlab.com/libssh/libssh-mirror/-/commit/5846e57538c750c5ce67df887d09fa99861c79c6
- https://gitlab.com/libssh/libssh-mirror/-/commit/89df759200d31fc79fbbe213d8eda0d329eebf6d
- https://github.com/libssh2/libssh2/issues/1290
- https://github.com/libssh2/libssh2/commit/d34d9258b8420b19ec3f97b4cc5bf7aa7d98e35a
- https://github.com/openssh/openssh-portable/commit/1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5
- https://github.com/phpseclib/phpseclib/issues/1972
- https://github.com/phpseclib/phpseclib/commit/c8e3ab9317abae80d7f58fd9acd9214b57572b32
- https://github.com/proftpd/proftpd/issues/1760
- https://github.com/proftpd/proftpd/commit/7fba68ebb3ded3047a35aa639e115eba7d585682
- https://github.com/proftpd/proftpd/commit/bcec15efe6c53dac40420731013f1cd2fd54123b
- https://github.com/Castaglia/proftpd-mod_proxy/issues/257
- https://github.com/Castaglia/proftpd-mod_proxy/commit/54612735629231de2242d6395d334539604872fb
- https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-terrapin.html
- https://git.tartarus.org/?p=simon/putty.git;a=commit;h=9e099151574885f3c717ac10a633a9218db8e7bb
- https://git.tartarus.org/?p=simon/putty.git;a=commit;h=f2e7086902b3605c96e54ef9c956ca7ab000010e
- https://git.tartarus.org/?p=simon/putty.git;a=commit;h=9fcbb86f715bc03e58921482efe663aa0c662d62
- https://git.tartarus.org/?p=simon/putty.git;a=commit;h=244be5412728a7334a2d457fbac4e0a2597165e5
- https://git.tartarus.org/?p=simon/putty.git;a=commit;h=58fc33a155ad496bdcf380fa6193302240a15ae9
- https://git.tartarus.org/?p=simon/putty.git;a=commit;h=0b00e4ce26d89cd010e31e66fd02ac77cb982367
- https://git.tartarus.org/?p=simon/putty.git;a=commit;h=fdc891d17063ab26cf68c74245ab1fd9771556cb
- https://git.tartarus.org/?p=simon/putty.git;a=commit;h=b80a41d386dbfa1b095c17bd2ed001477f302d46
- https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55
- https://github.com/ronf/asyncssh/commit/0bc73254f41acb140187e0c89606311f88de5b7b
- https://github.com/janmojzis/tinyssh/commit/ebaa1bd23c2c548af70cc8151e85c74f4c8594bb
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255071
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255055
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255059
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255062
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255072
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255073
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255063
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255074
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255075
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255064
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255076
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255077
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255078
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255080
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255081
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255082
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255056
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255083
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255041
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255042
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255057
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255084
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255085
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255086
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255087
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255089
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255090
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255091
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255092
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255093
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255094
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255065
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255066
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255095
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255096
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255097
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255098
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255099
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255100
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255045
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255047
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255046
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255048
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255049
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255101
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255067
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255102
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255103
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255104
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255052
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255053
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255105
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255050
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255051
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255043
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255044
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255054
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255060
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255058
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255061
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255068
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255106
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255069
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255107
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255070
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255108
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255109
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255125
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2254210#c7
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2254210#c12
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2254210#c13
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255862
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255863
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255907
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255908
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255912
- https://access.redhat.com/security/cve/CVE-2023-48795
- https://access.redhat.com/errata/RHSA-2024:0455
- https://access.redhat.com/errata/RHSA-2024:0429
- https://access.redhat.com/errata/RHSA-2024:0499
- https://access.redhat.com/errata/RHSA-2024:0538
- https://access.redhat.com/errata/RHSA-2024:0594
- https://access.redhat.com/errata/RHSA-2024:0606
- https://access.redhat.com/errata/RHSA-2024:0625
- https://access.redhat.com/errata/RHSA-2024:0628
- https://superuser.com/questions/1828501/how-to-solve-ssh-connection-corrupted-error
- https://github.com/oracle/oracle-linux/issues/125
- https://access.redhat.com/errata/RHSA-2024:0722
- https://access.redhat.com/errata/RHSA-2024:0789
- https://access.redhat.com/errata/RHSA-2024:0843
- https://access.redhat.com/errata/RHSA-2024:0880
- https://access.redhat.com/errata/RHSA-2024:0954
- https://access.redhat.com/errata/RHSA-2023:7197
- https://access.redhat.com/errata/RHSA-2023:7198
- https://access.redhat.com/errata/RHSA-2023:7201
- https://access.redhat.com/errata/RHSA-2024:0766
- https://access.redhat.com/errata/RHSA-2024:1130
- https://access.redhat.com/errata/RHSA-2024:1150
- https://access.redhat.com/errata/RHSA-2024:1193
- https://access.redhat.com/errata/RHSA-2024:1192
- https://access.redhat.com/errata/RHSA-2024:1194
- https://access.redhat.com/errata/RHSA-2024:1197
- https://access.redhat.com/errata/RHSA-2024:1196
- https://access.redhat.com/errata/RHSA-2024:1210
- https://access.redhat.com/errata/RHSA-2024:1557
- https://access.redhat.com/errata/RHSA-2024:1676
- https://access.redhat.com/errata/RHSA-2024:1675
- https://access.redhat.com/errata/RHSA-2024:1674
- https://access.redhat.com/errata/RHSA-2024:1677
- https://access.redhat.com/errata/RHSA-2024:1859
- https://access.redhat.com/errata/RHSA-2024:2988
- https://access.redhat.com/errata/RHSA-2024:2735
- https://access.redhat.com/errata/RHSA-2024:2768
- https://access.redhat.com/errata/RHSA-2024:2728
- https://access.redhat.com/errata/RHSA-2024:3479
- https://access.redhat.com/errata/RHSA-2024:3636
- https://access.redhat.com/errata/RHSA-2024:3634
- https://access.redhat.com/errata/RHSA-2024:3635
- https://access.redhat.com/errata/RHSA-2024:3918
- https://access.redhat.com/errata/RHSA-2024:4010
- https://access.redhat.com/errata/RHSA-2024:0040
- https://access.redhat.com/errata/RHSA-2024:0041
- https://access.redhat.com/errata/RHSA-2024:4151
- https://access.redhat.com/errata/RHSA-2024:4329
- https://access.redhat.com/errata/RHSA-2024:4479
- https://access.redhat.com/errata/RHSA-2024:4484
- https://access.redhat.com/errata/RHSA-2024:4597
- https://access.redhat.com/errata/RHSA-2024:4662
- https://access.redhat.com/errata/RHSA-2024:4613
- https://access.redhat.com/errata/RHSA-2024:4955
- https://access.redhat.com/errata/RHSA-2024:4959
- https://access.redhat.com/errata/RHSA-2024:4960
- https://access.redhat.com/errata/RHSA-2024:5200
- https://access.redhat.com/errata/RHSA-2024:5438
- https://access.redhat.com/errata/RHSA-2024:5432
- https://access.redhat.com/errata/RHSA-2024:5433
- https://access.redhat.com/errata/RHSA-2024:6406
- https://access.redhat.com/errata/RHSA-2024:3718
- https://access.redhat.com/errata/RHSA-2024:8235
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2024-23291
- CVE-2024-23276
- CVE-2024-23227
- CVE-2024-27886
- CVE-2024-23233
- CVE-2024-23269
- CVE-2024-23288
- CVE-2024-23277
- CVE-2024-23247
- CVE-2024-23248
- CVE-2024-23249
- CVE-2024-23250
- CVE-2024-23299
- CVE-2024-23244
- CVE-2024-23205
- CVE-2022-48554
- CVE-2024-23229
- CVE-2024-27789
- CVE-2024-23253
- CVE-2024-23270
- CVE-2024-23257
- CVE-2024-23258
- CVE-2024-23286
- CVE-2024-23234
- CVE-2024-23266
- CVE-2024-23235
- CVE-2024-23265
- CVE-2024-23225
- CVE-2024-27853
- CVE-2024-23278
- CVE-2024-0258
- CVE-2024-23279
- CVE-2024-23287
- CVE-2024-23264
- CVE-2024-23285
- CVE-2024-27809
- CVE-2024-23283
- CVE-2024-27887
- CVE-2023-48795
- CVE-2023-51384
- CVE-2023-51385
- CVE-2022-42816
- CVE-2024-23216
- CVE-2024-23267
- CVE-2024-23268
- CVE-2024-23274
- CVE-2023-42853
- CVE-2024-23275
- CVE-2024-27888
- CVE-2024-23255
- CVE-2024-23294
- CVE-2024-23296
- CVE-2024-23259
- CVE-2024-23273
- CVE-2024-23238
- CVE-2024-23239
- CVE-2024-23290
- CVE-2024-23232
- CVE-2024-23231
- CVE-2024-23230
- CVE-2024-23245
- CVE-2024-23292
- CVE-2024-23289
- CVE-2024-23293
- CVE-2024-23241
- CVE-2024-23272
- CVE-2024-23242
- CVE-2024-23281
- CVE-2024-27792
- CVE-2024-23261
- CVE-2024-23260
- CVE-2024-23246
- CVE-2024-23226
- CVE-2024-23254
- CVE-2024-23263
- CVE-2024-23280
- CVE-2024-23284
- collector/oss-sec
- alias/CVE-2023-48795
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/title
- collector/the-register
- source/The Register
- alias/CVE-2023-46445
- alias/CVE-2023-46446
- agent/author
- agent/severity
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-45x7-px36-x8w8
- collector/nvd-cve
- collector/github-advisory
- collector/launchpad-cve
- source/Launchpad
- collector/apple-support
- source/Apple
- alias/CVE-2023-51384
- alias/CVE-2023-51385
- collector/mitre-cve
- source/MITRE
- agent/remedy
- collector/usn-cve
- source/Ubuntu
- agent/event
- collector/ibm-support
- source/IBM
- agent/last-modified-date
- agent/references
- agent/tags
- agent/description
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/redhat-bugzilla
- source/Red Hat
- vendor/openbsd
- canonical/openbsd openssh
- vendor/putty
- canonical/putty putty
- vendor/filezilla-project
- canonical/filezilla-project filezilla client
- vendor/microsoft
- canonical/microsoft powershell
- version/microsoft powershell/11.1.0
- vendor/panic
- canonical/panic transmit 5
- vendor/apple
- canonical/apple macos
- canonical/panic nova
- vendor/roumenpetrov
- canonical/roumenpetrov pkixssh
- vendor/winscp
- canonical/winscp winscp
- vendor/bitvise
- canonical/bitvise ssh client
- canonical/bitvise ssh server
- vendor/lancom-systems
- canonical/lancom-systems lcos
- version/lancom-systems lcos/3.66.4
- canonical/lancom-systems lcos fx
- canonical/lancom-systems lcos lx
- canonical/lancom-systems lcos sx
- version/lancom-systems lcos sx/4.20
- version/lancom-systems lcos sx/5.20
- canonical/lancom-systems lanconfig
- vendor/vandyke
- canonical/vandyke securecrt
- vendor/libssh
- canonical/libssh libssh
- vendor/net-ssh
- canonical/net-ssh net-ssh ruby
- version/net-ssh net-ssh ruby/7.2.0
- vendor/ssh2 project
- canonical/ssh2 project ssh2 node.js
- version/ssh2 project ssh2 node.js/1.11.0
- vendor/proftpd
- canonical/proftpd proftpd
- version/proftpd proftpd/1.3.8b
- vendor/freebsd
- canonical/freebsd freebsd
- version/freebsd freebsd/12.4
- vendor/crates
- canonical/crates thrussh
- vendor/tera term project
- canonical/tera term project tera term
- version/tera term project tera term/5.1
- vendor/oryx-embedded
- canonical/oryx-embedded cyclone ssh
- vendor/crushftp
- canonical/crushftp crushftp
- version/crushftp crushftp/10.6.0
- vendor/netsarang
- canonical/netsarang xshell 7
- vendor/paramiko
- canonical/paramiko paramiko
- vendor/redhat
- canonical/redhat openshift container platform
- version/redhat openshift container platform/4.0
- canonical/redhat openstack platform
- version/redhat openstack platform/16.1
- version/redhat openstack platform/16.2
- version/redhat openstack platform/17.1
- canonical/redhat ceph storage
- version/redhat ceph storage/6.0
- canonical/redhat enterprise linux
- version/redhat enterprise linux/8.0
- version/redhat enterprise linux/9.0
- canonical/redhat openshift serverless
- canonical/redhat openshift gitops
- canonical/redhat openshift pipelines
- canonical/redhat openshift developer tools and services
- canonical/redhat openshift data foundation
- version/redhat openshift data foundation/4.0
- canonical/redhat openshift api for data protection
- canonical/redhat openshift virtualization
- version/redhat openshift virtualization/4
- canonical/redhat storage
- version/redhat storage/3.0
- canonical/redhat discovery
- canonical/redhat openshift dev spaces
- canonical/redhat cert-manager operator for red hat openshift
- canonical/redhat keycloak
- canonical/redhat jboss enterprise application platform
- version/redhat jboss enterprise application platform/7.0
- canonical/redhat single sign-on
- version/redhat single sign-on/7.0
- canonical/redhat advanced cluster security
- version/redhat advanced cluster security/3.0
- version/redhat advanced cluster security/4.0
- vendor/golang
- canonical/golang crypto
- vendor/russh project
- canonical/russh project russh rust
- vendor/sftpgo project
- canonical/sftpgo project sftpgo
- vendor/erlang
- canonical/erlang erlang\/otp
- vendor/matez
- canonical/matez jsch
- vendor/libssh2
- canonical/libssh2 libssh2
- vendor/asyncssh project
- canonical/asyncssh project asyncssh
- vendor/dropbear ssh project
- canonical/dropbear ssh project dropbear ssh
- vendor/jadaptive
- canonical/jadaptive maverick synergy java ssh api
- vendor/ssh
- canonical/ssh ssh
- vendor/thorntech
- canonical/thorntech sftp gateway firmware
- vendor/netgate
- canonical/netgate pfsense plus
- version/netgate pfsense plus/23.09.1
- canonical/netgate pfsense ce
- version/netgate pfsense ce/2.7.2
- vendor/connectbot
- canonical/connectbot sshlib
- vendor/apache
- canonical/apache sshd
- version/apache sshd/2.11.0
- canonical/apache sshj
- version/apache sshj/0.37.0
- vendor/tinyssh
- canonical/tinyssh tinyssh
- version/tinyssh tinyssh/20230101
- vendor/trilead
- canonical/trilead ssh2
- version/trilead ssh2/6401
- vendor/9bis
- canonical/9bis kitty
- version/9bis kitty/0.76.1.13
- vendor/gentoo
- canonical/gentoo security
- vendor/debian
- canonical/debian debian linux
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/38
- version/fedoraproject fedora/39
- version/debian debian linux/10.0
- version/apple macos/14.0
- package-manager/pip
- package-manager/go
- package-manager/rust
- canonical/apple macos sonoma
- vendor/ibm
- canonical/ibm concert software
- version/ibm concert software/1.0.0 - 1.0.1
- package-manager/debian
- package-manager/redhat