VDB
DEBIAN-CVE-2023-51384
DEBIAN-CVE-2023-51384
PUBLISHED
CVSS 5.5 MEDIUM
In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.
Risk Scores
CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | openssh | 0, 1:9.2p1-2, 1:9.2p1-2+deb12u1 |
| Debian:14 | openssh | 0, 0, 0 |
| Debian:13 | openssh | 0, 0, 0 |
Exploit Intelligence
- macos_v2_generated.go (github-poc)
- macos_v1_generated.go (github-poc)
- package.py (github-poc)
Timeline
- Dec 18, 2023 CVE Published
- Apr 28, 2026 CVE Updated