VDB
GCVE-110-MAGEIA-2024-10
GCVE-110-MAGEIA-2024-10
Advisory Published
The updated packages fix security vulnerabilities:
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an
insufficiently trustworthy search path, leading to remote code execution
if an agent is forwarded to an attacker-controlled system.
(CVE-2023-38408)
Prefix Truncation Attacks in SSH Specification (Terrapin Attack).
(CVE-2023-48795)
In ssh-agent in OpenSSH before 9.6, certain destination constraints can
be incompletely applied. When destination constraints are specified
during addition of PKCS#11-hosted private keys, these constraints are
only applied to the first key, even if a PKCS#11 token returns multiple
keys. (CVE-2023-51384)
In ssh in OpenSSH before 9.6, OS command injection might occur if a user
name or host name has shell metacharacters, and this name is referenced
by an expansion token in certain situations. For example, an untrusted
Git repository can have a submodule with shell metacharacters in a user
name or host name. (CVE-2023-51385)
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | dnfdragora | 0 (affected), 2.1.6-1.mga9 (unaffected) | — |
| Mageia | openssh | 9.3p1-2.1.mga9 (unaffected), 0 (affected), 9.3p1-2.1.mga9 (unaffected), 0 (affected) | — |
References
Browse GCVE Records
72,337 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.