VDB
CVE-2023-46445
CVE-2023-46445
PUBLISHED
CVSS 5.300000190734863 MEDIUM
AsyncSSH Rogue Extension Negotiation
EPSS 0.45% · 63.8th percentile
Risk Scores
CVSS v3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score
0.45%
63.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a, n/a |
| asyncssh_project | asyncssh | 0, 0, 0 |
| PyPI | asyncssh | 0, 0, 0 |
Timeline
- Nov 9, 2023 CVE Published
- Nov 14, 2023 EPSS Score
- Dec 14, 2023 EPSS Score
- Dec 19, 2023 PoC Published
- Dec 20, 2023 PoC Published
- Jan 13, 2024 EPSS Score
- Feb 13, 2024 EPSS Score
- Mar 14, 2024 EPSS Score
- Apr 13, 2024 EPSS Score
- May 13, 2024 EPSS Score
- Jun 12, 2024 EPSS Score
- Jul 13, 2024 EPSS Score
References
- https://github.com/ronf/asyncssh/security/advisories/GHSA-cfc2-wr2v-gxm5 url
- FEDORA-2023-d2956318e4 vendor-advisory
- https://www.terrapin-attack.com url
- https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst url
- https://github.com/advisories/GHSA-cfc2-wr2v-gxm5 url
- http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html url
- https://security.netapp.com/advisory/ntap-20231222-0001/ url
- https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html url
- https://nvd.nist.gov/vuln/detail/CVE-2023-46445 advisory
- https://github.com/ronf/asyncssh/commit/83e43f5ea3470a8617fc388c72b062c7136efd7e url
- https://github.com/pypa/advisory-database/tree/main/vulns/asyncssh/PYSEC-2023-237.yaml url
- https://github.com/ronf/asyncssh package
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE url
- https://security.netapp.com/advisory/ntap-20231222-0001 url