An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Extension Negotiation."
References
Configurations
History
22 Dec 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Dec 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
18 Dec 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
Summary | An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Extension Negotiation." | |
References |
|
26 Nov 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-14 03:15
Updated : 2024-02-05 00:22
NVD link : CVE-2023-46445
Mitre link : CVE-2023-46445
CVE.ORG link : CVE-2023-46445
JSON object : View
Products Affected
asyncssh_project
- asyncssh
CWE
CWE-345
Insufficient Verification of Data Authenticity