CVE-2023-51767

CVE-2023-51767

Name

CVE-2023-51767

Description

OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges. NOTE: this is disputed by the Supplier, who states "we do not consider it to be the application's responsibility to defend against platform architectural weaknesses."

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
cve@mitre.org	https://arxiv.org/abs/2309.02545
cve@mitre.org	https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77
cve@mitre.org	https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878
cve@mitre.org	https://access.redhat.com/security/cve/CVE-2023-51767
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=2255850
cve@mitre.org	https://ubuntu.com/security/CVE-2023-51767
cve@mitre.org	https://security.netapp.com/advisory/ntap-20240125-0006/
cve@mitre.org	https://www.openwall.com/lists/oss-security/2025/09/22/1
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/09/22/1
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/09/22/2
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/09/23/4
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/09/24/4
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/10/01/1
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/10/01/2
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/09/23/1
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/09/23/3
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/09/23/5
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/09/24/7
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/09/25/2
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/09/25/6
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/09/26/2
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/09/26/4
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/09/27/1
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/09/27/2
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/09/27/3
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/09/27/5
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/09/27/6
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/09/27/7
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/09/29/4
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/09/29/5
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/09/29/6
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/09/27/4
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/09/28/7
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/09/29/1

Type

URI

cve@mitre.org

https://arxiv.org/abs/2309.02545

cve@mitre.org

https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77

cve@mitre.org

https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878

cve@mitre.org

https://access.redhat.com/security/cve/CVE-2023-51767

cve@mitre.org

https://bugzilla.redhat.com/show_bug.cgi?id=2255850

cve@mitre.org

https://ubuntu.com/security/CVE-2023-51767

cve@mitre.org

https://security.netapp.com/advisory/ntap-20240125-0006/

cve@mitre.org

https://www.openwall.com/lists/oss-security/2025/09/22/1