VDB
ALPINE-CVE-2023-51384
ALPINE-CVE-2023-51384
PUBLISHED
CVSS 5.5 MEDIUM
In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.
Risk Scores
CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.16 | openssh | *, 5.1_p1-r1, 5.1p1-r0 |
| Alpine:v3.17 | openssh | 7.1, 7.1, 7.2 |
| Alpine:v3.21 | openssh | 7.1, 9.3, 9.3 |
| Alpine:v3.23 | openssh | 5.6_p1-r1, 8.9, 9.5 |
| Alpine:v3.22 | openssh | 8.9, 0, 5.1_p1-r1 |
| Alpine:v3.20 | openssh | 7.1_p1-r0, 8.9, 9.5 |
| Alpine:v3.19 | openssh | 5.1p1-r0, 5.1_p1-r1, * |
| Alpine:v3.24 | openssh | 8.9 |
Timeline
- Dec 18, 2023 CVE Published
- Apr 30, 2026 Distribution Patch
- Jul 8, 2026 CVE Updated