CVE-2023-51384

In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.
Configurations

Configuration 1 (hide)

cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*

History

21 Nov 2024, 08:37

Type Values Removed Values Added
References () http://seclists.org/fulldisclosure/2024/Mar/21 - Mailing List, Third Party Advisory () http://seclists.org/fulldisclosure/2024/Mar/21 - Mailing List, Third Party Advisory
References () https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b - Patch, Third Party Advisory () https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b - Patch, Third Party Advisory
References () https://security.netapp.com/advisory/ntap-20240105-0005/ - Third Party Advisory () https://security.netapp.com/advisory/ntap-20240105-0005/ - Third Party Advisory
References () https://support.apple.com/kb/HT214084 - Third Party Advisory () https://support.apple.com/kb/HT214084 - Third Party Advisory
References () https://www.debian.org/security/2023/dsa-5586 - Third Party Advisory () https://www.debian.org/security/2023/dsa-5586 - Third Party Advisory
References () https://www.openssh.com/txt/release-9.6 - Release Notes () https://www.openssh.com/txt/release-9.6 - Release Notes
References () https://www.openwall.com/lists/oss-security/2023/12/18/2 - Mailing List, Release Notes () https://www.openwall.com/lists/oss-security/2023/12/18/2 - Mailing List, Release Notes

16 May 2024, 20:05

Type Values Removed Values Added
References () http://seclists.org/fulldisclosure/2024/Mar/21 - () http://seclists.org/fulldisclosure/2024/Mar/21 - Mailing List, Third Party Advisory
References () https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b - Patch () https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b - Patch, Third Party Advisory
References () https://security.netapp.com/advisory/ntap-20240105-0005/ - () https://security.netapp.com/advisory/ntap-20240105-0005/ - Third Party Advisory
References () https://support.apple.com/kb/HT214084 - () https://support.apple.com/kb/HT214084 - Third Party Advisory
References () https://www.debian.org/security/2023/dsa-5586 - () https://www.debian.org/security/2023/dsa-5586 - Third Party Advisory
First Time Debian
Debian debian Linux
CPE cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*

13 Mar 2024, 21:15

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2024/Mar/21 -

07 Mar 2024, 19:15

Type Values Removed Values Added
References
  • () https://support.apple.com/kb/HT214084 -

05 Jan 2024, 18:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240105-0005/ -

22 Dec 2023, 13:15

Type Values Removed Values Added
References
  • () https://www.debian.org/security/2023/dsa-5586 -

22 Dec 2023, 12:15

Type Values Removed Values Added
CWE NVD-CWE-noinfo
CPE cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
References () https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b - () https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b - Patch
References () https://www.openwall.com/lists/oss-security/2023/12/18/2 - () https://www.openwall.com/lists/oss-security/2023/12/18/2 - Mailing List, Release Notes
References () https://www.openssh.com/txt/release-9.6 - () https://www.openssh.com/txt/release-9.6 - Release Notes

19 Dec 2023, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-18 19:15

Updated : 2024-11-21 08:37


NVD link : CVE-2023-51384

Mitre link : CVE-2023-51384

CVE.ORG link : CVE-2023-51384


JSON object : View

Products Affected

debian

  • debian_linux

openbsd

  • openssh