medium
4.8
CWE
74
EPSS
0.045%
Advisory Published
CVE Published
CVE Published
Updated

CVE-2023-6004: Libssh: proxycommand/proxyjump features allow injection of malicious code through hostname

First published: Wed Nov 22 2023(Updated: )

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.

Credit: secalert@redhat.com secalert@redhat.com

Affected SoftwareAffected VersionHow to fix
Libssh Libssh>=0.8.0<0.9.8
Libssh Libssh>=0.10.0<0.10.6
Fedoraproject Fedora=38
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
redhat/libssh<0.9.8
0.9.8
redhat/libssh<0.10.6
0.10.6
ubuntu/libssh<0.6.3-4.3ubuntu0.6+
0.6.3-4.3ubuntu0.6+
ubuntu/libssh<0.8.0~20170825.94
0.8.0~20170825.94
ubuntu/libssh<0.9.3-2ubuntu2.5
0.9.3-2ubuntu2.5
ubuntu/libssh<0.9.6-2ubuntu0.22.04.3
0.9.6-2ubuntu0.22.04.3
ubuntu/libssh<0.10.4-2ubuntu0.3
0.10.4-2ubuntu0.3
ubuntu/libssh<0.10.5-3ubuntu1.2
0.10.5-3ubuntu1.2
ubuntu/libssh<0.10.6-1
0.10.6-1
debian/libssh<=0.8.7-1+deb10u1<=0.8.7-1+deb10u2
0.9.8-0+deb11u1
0.10.6-0+deb12u1
0.10.6-2

Remedy

https://gitlab.com/libssh/libssh-mirror/-/commit/c2c56bacab00766d01671413321d564227aabf19

Remedy

https://gitlab.com/libssh/libssh-mirror/-/commit/a66b4a6eae6614d200a3625862d77565b96a7cd3

Remedy

https://gitlab.com/libssh/libssh-mirror/-/commit/8615c24647f773a5e04203c7459512715d698be1

Remedy

https://gitlab.com/libssh/libssh-mirror/-/commit/c6180409677c765e6b9ae2b18a3a7a9671ac1dbe

Remedy

https://gitlab.com/libssh/libssh-mirror/-/commit/9bbb817c0c5434f03613d0783b2ef5f52235b901

Remedy

https://gitlab.com/libssh/libssh-mirror/-/commit/22492b69bba22b102342afc574800d354a08e405

Remedy

https://gitlab.com/libssh/libssh-mirror/-/commit/d7467498fd988949edde9c6384973250fd454a8b

Remedy

https://gitlab.com/libssh/libssh-mirror/-/commit/62d3101c1f76b6891b70c50154e0e934d6b8cb57

Remedy

https://gitlab.com/libssh/libssh-mirror/-/commit/cea841d71c025f9c998b7d5fc9f2a2839df62921

Remedy

https://gitlab.com/libssh/libssh-mirror/-/commit/2c492ee179d5caa2718c5e768bab6e0b2b64a8b0

Remedy

https://gitlab.com/libssh/libssh-mirror/-/commit/1a02364b5107a4125ea3cb76fcdb6beabaebf3be

Remedy

https://gitlab.com/libssh/libssh-mirror/-/commit/6f1b1e76bb38bc89819132e1810e4301ec9034a4

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203