CVE-2023-51767

Name
CVE-2023-51767
Description
OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.
NVD Severity
unknown
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
cve@mitre.org https://arxiv.org/abs/2309.02545
cve@mitre.org https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77
cve@mitre.org https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878
cve@mitre.org https://access.redhat.com/security/cve/CVE-2023-51767
cve@mitre.org https://bugzilla.redhat.com/show_bug.cgi?id=2255850
cve@mitre.org https://ubuntu.com/security/CVE-2023-51767
cve@mitre.org https://security.netapp.com/advisory/ntap-20240125-0006/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:openssh:openssh:*:*:*:*:*:*:*:* openssh >= None <= 9.6
cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:* openssh == None == None

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
openssh 3.18-main 9.3_p2-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
openssh 3.16-main 9.0_p1-r4 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
openssh 3.17-main 9.1_p1-r5 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
openssh edge-main 9.6_p1-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
openssh 3.19-main 9.6_p1-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable