NVD Vulnerability Detail

CVE-2023-48795

Summary	The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.
Publication Date	Dec. 19, 2023, 1:15 a.m.
Registration Date	Dec. 19, 2023, 10 a.m.
Last Update	May 2, 2024, 3:15 a.m.

CVSS3.1 : MEDIUM
スコア	5.9
Vector	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	高
攻撃に必要な特権レベル(PR)	不要
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	なし
完全性への影響(I)	高
可用性への影響(A)	なし

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:openbsd:openssh::::::::					9.6

Configuration2		or higher	or less	more than	less than
cpe:2.3:a:putty:putty::::::::					0.80

Configuration3		or higher	or less	more than	less than
cpe:2.3:a:filezilla-project:filezilla_client::::::::					3.66.4

Configuration4		or higher	or less	more than	less than
cpe:2.3:a:microsoft:powershell::::::::			11.1.0

Configuration5		or higher	or less	more than	less than
cpe:2.3:a:panic:transmit_5::::::::					5.10.4
execution environment
1	cpe:2.3:o:apple:macos:-:::::::*

Configuration6		or higher	or less	more than	less than
cpe:2.3:a:panic:nova::::::::					11.8
execution environment
1	cpe:2.3:o:apple:macos:-:::::::*

Configuration7		or higher	or less	more than	less than
cpe:2.3:a:roumenpetrov:pkixssh::::::::					14.4

Configuration8		or higher	or less	more than	less than
cpe:2.3:a:winscp:winscp::::::::					6.2.2

Configuration9		or higher	or less	more than	less than
cpe:2.3:a:bitvise:ssh_client::::::::					9.33

Configuration10		or higher	or less	more than	less than
cpe:2.3:a:bitvise:ssh_server::::::::					9.32

Configuration11		or higher	or less	more than	less than
cpe:2.3:o:lancom-systems:lcos::::::::			3.66.4

Configuration12		or higher	or less	more than	less than
cpe:2.3:o:lancom-systems:lcos_fx:-:::::::*

Configuration13		or higher	or less	more than	less than
cpe:2.3:o:lancom-systems:lcos_lx:-:::::::*

Configuration14	or higher	or less	more than	less than
cpe:2.3:o:lancom-systems:lcos_sx:5.20:::::::*
cpe:2.3:o:lancom-systems:lcos_sx:4.20:::::::*

Configuration15		or higher	or less	more than	less than
cpe:2.3:o:lancom-systems:lanconfig:-:::::::*

Configuration16		or higher	or less	more than	less than
cpe:2.3:a:vandyke:securecrt::::::::					9.4.3

Configuration17		or higher	or less	more than	less than
cpe:2.3:a:libssh:libssh::::::::					0.10.6

Configuration18		or higher	or less	more than	less than
cpe:2.3:a:net-ssh:net-ssh:7.2.0:::::ruby::

Configuration19		or higher	or less	more than	less than
cpe:2.3:a:ssh2_project:ssh2::::::node.js::*			1.11.0

Configuration20		or higher	or less	more than	less than
cpe:2.3:a:proftpd:proftpd::::::::			1.3.8b

Configuration21		or higher	or less	more than	less than
cpe:2.3:o:freebsd:freebsd::::::::			12.4

Configuration22		or higher	or less	more than	less than
cpe:2.3:a:crates:thrussh::::::::					0.35.1

Configuration23		or higher	or less	more than	less than
cpe:2.3:a:tera_term_project:tera_term::::::::			5.1

Configuration24		or higher	or less	more than	less than
cpe:2.3:a:oryx-embedded:cyclone_ssh::::::::					2.3.4

Configuration25		or higher	or less	more than	less than
cpe:2.3:a:crushftp:crushftp::::::::			10.6.0

Configuration26		or higher	or less	more than	less than
cpe:2.3:a:netsarang:xshell_7::::::::					build__0144

Configuration27		or higher	or less	more than	less than
cpe:2.3:a:paramiko:paramiko::::::::					3.4.0

Configuration28		or higher	or less	more than	less than
cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::*

Configuration29	or higher	or less	more than	less than
cpe:2.3:a:redhat:openstack_platform:16.1:::::::*
cpe:2.3:a:redhat:openstack_platform:16.2:::::::*
cpe:2.3:a:redhat:openstack_platform:17.1:::::::*

Configuration30		or higher	or less	more than	less than
cpe:2.3:a:redhat:ceph_storage:6.0:::::::*

Configuration31	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

Configuration32		or higher	or less	more than	less than
cpe:2.3:a:redhat:openshift_serverless:-:::::::*

Configuration33		or higher	or less	more than	less than
cpe:2.3:a:redhat:openshift_gitops:-:::::::*

Configuration34		or higher	or less	more than	less than
cpe:2.3:a:redhat:openshift_pipelines:-:::::::*

Configuration35		or higher	or less	more than	less than
cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:::::::*

Configuration36		or higher	or less	more than	less than
cpe:2.3:a:redhat:openshift_data_foundation:4.0:::::::*

Configuration37		or higher	or less	more than	less than
cpe:2.3:a:redhat:openshift_api_for_data_protection:-:::::::*

Configuration38		or higher	or less	more than	less than
cpe:2.3:a:redhat:openshift_virtualization:4:::::::*

Configuration39		or higher	or less	more than	less than
cpe:2.3:a:redhat:storage:3.0:::::::*

Configuration40		or higher	or less	more than	less than
cpe:2.3:a:redhat:discovery:-:::::::*

Configuration41		or higher	or less	more than	less than
cpe:2.3:a:redhat:openshift_dev_spaces:-:::::::*

Configuration42		or higher	or less	more than	less than
cpe:2.3:a:redhat:cert-manager_operator_for_red_hat_openshift:-:::::::*

Configuration43		or higher	or less	more than	less than
cpe:2.3:a:redhat:keycloak:-:::::::*

Configuration44		or higher	or less	more than	less than
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:::::::*

Configuration45		or higher	or less	more than	less than
cpe:2.3:a:redhat:single_sign-on:7.0:::::::*

Configuration46	or higher	or less	more than	less than
cpe:2.3:a:redhat:advanced_cluster_security:4.0:::::::*
cpe:2.3:a:redhat:advanced_cluster_security:3.0:::::::*

Configuration47		or higher	or less	more than	less than
cpe:2.3:a:golang:crypto::::::::					0.17.0

Configuration48		or higher	or less	more than	less than
cpe:2.3:a:russh_project:russh::::::rust::*					0.40.2

Configuration49		or higher	or less	more than	less than
cpe:2.3:a:sftpgo_project:sftpgo::::::::					2.5.6

Configuration50		or higher	or less	more than	less than
cpe:2.3:a:erlang:erlang\/otp::::::::					26.2.1

Configuration51		or higher	or less	more than	less than
cpe:2.3:a:matez:jsch::::::::					0.2.15

Configuration52		or higher	or less	more than	less than
cpe:2.3:a:libssh2:libssh2::::::::					1.11.10

Configuration53		or higher	or less	more than	less than
cpe:2.3:a:asyncssh_project:asyncssh::::::::					2.14.2

Configuration54		or higher	or less	more than	less than
cpe:2.3:a:dropbear_ssh_project:dropbear_ssh::::::::					2022.83

Configuration55		or higher	or less	more than	less than
cpe:2.3:a:jadaptive:maverick_synergy_java_ssh_api::::::::					3.1.0-snapshot

Configuration56		or higher	or less	more than	less than
cpe:2.3:a:ssh:ssh::::::::					5.11

Configuration57		or higher	or less	more than	less than
cpe:2.3:o:thorntech:sftp_gateway_firmware::::::::					3.4.6

Configuration58		or higher	or less	more than	less than
cpe:2.3:a:netgate:pfsense_plus::::::::			23.09.1

Configuration59		or higher	or less	more than	less than
cpe:2.3:a:netgate:pfsense_ce::::::::			2.7.2

Configuration60		or higher	or less	more than	less than
cpe:2.3:a:crushftp:crushftp::::::::					10.6.0

Configuration61		or higher	or less	more than	less than
cpe:2.3:a:connectbot:sshlib::::::::					2.2.22

Configuration62		or higher	or less	more than	less than
cpe:2.3:a:apache:sshd::::::::			2.11.0

Configuration63		or higher	or less	more than	less than
cpe:2.3:a:apache:sshj::::::::			0.37.0

Configuration64		or higher	or less	more than	less than
cpe:2.3:a:tinyssh:tinyssh::::::::			20230101

Configuration65		or higher	or less	more than	less than
cpe:2.3:a:trilead:ssh2:6401:::::::*

Configuration66		or higher	or less	more than	less than
cpe:2.3:a:9bis:kitty::::::::			0.76.1.13

Configuration67		or higher	or less	more than	less than
cpe:2.3:a:gentoo:security:-:::::::*
execution environment
1	cpe:2.3:o:debian:debian_linux:-:::::::*

Configuration68	or higher	or less	more than	less than
cpe:2.3:o:fedoraproject:fedora:38:::::::*
cpe:2.3:o:fedoraproject:fedora:39:::::::*

Configuration69		or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:10.0:::::::*

Configuration70		or higher	or less	more than	less than
cpe:2.3:o:apple:macos::::::::		14.0			14.4

Related information, measures and tools

No	URL	タグ
1	https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html	Release Notes
2	https://matt.ucc.asn.au/dropbear/CHANGES	Release Notes
3	https://www.openssh.com/openbsd.html	Release Notes
4	https://github.com/openssh/openssh-portable/commits/master	Patch
5	https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ	Mailing List
6	https://www.bitvise.com/ssh-server-version-history	Release Notes
7	https://github.com/ronf/asyncssh/tags	Release Notes
8	https://gitlab.com/libssh/libssh-mirror/-/tags	Release Notes
9	https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/	Issue Tracking
10	https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42	Patch
11	https://www.openssh.com/txt/release-9.6	Release Notes
12	https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/	Press/Media Coverage
13	https://www.terrapin-attack.com	Exploit
14	https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25	Patch
15	https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst	Release Notes
16	https://thorntech.com/cve-2023-48795-and-sftp-gateway/	Third Party Advisory
17	https://github.com/warp-tech/russh/releases/tag/v0.40.2	Release Notes
18	https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0	Patch
19	https://www.openwall.com/lists/oss-security/2023/12/18/2	Mailing List
20	https://twitter.com/TrueSkrillor/status/1736774389725565005	Press/Media Coverage
21	https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d	Patch
22	https://github.com/paramiko/paramiko/issues/2337	Issue Tracking
23	https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg	Mailing List
24	https://news.ycombinator.com/item?id=38684904	Issue Tracking
25	https://news.ycombinator.com/item?id=38685286	Issue Tracking
26	http://www.openwall.com/lists/oss-security/2023/12/18/3	Mailing List
27	https://github.com/mwiede/jsch/issues/457	Issue Tracking
28	https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6	Patch
29	https://github.com/erlang/otp/releases/tag/OTP-26.2.1	Release Notes
30	https://github.com/advisories/GHSA-45x7-px36-x8w8	Third Party Advisory
31	https://security-tracker.debian.org/tracker/source-package/libssh2	Vendor Advisory
32	https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg	Vendor Advisory
33	https://security-tracker.debian.org/tracker/CVE-2023-48795	Vendor Advisory
34	https://bugzilla.suse.com/show_bug.cgi?id=1217950	Issue Tracking
35	https://bugzilla.redhat.com/show_bug.cgi?id=2254210	Issue Tracking
36	https://bugs.gentoo.org/920280	Issue Tracking
37	https://ubuntu.com/security/CVE-2023-48795	Vendor Advisory
38	https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/	Press/Media Coverage
39	https://access.redhat.com/security/cve/cve-2023-48795	Third Party Advisory
40	https://github.com/mwiede/jsch/pull/461	Release Notes
41	https://github.com/drakkan/sftpgo/releases/tag/v2.5.6	Release Notes
42	https://github.com/libssh2/libssh2/pull/1291	Mitigation
43	https://forum.netgate.com/topic/184941/terrapin-ssh-attack	Issue Tracking
44	https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5	Patch
45	https://github.com/rapier1/hpn-ssh/releases	Release Notes
46	https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES	Release Notes
47	https://www.netsarang.com/en/xshell-update-history/	Release Notes
48	https://www.paramiko.org/changelog.html	Release Notes
49	https://github.com/proftpd/proftpd/issues/456	Issue Tracking
50	https://github.com/TeraTermProject/teraterm/releases/tag/v5.1	Release Notes
51	https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15	Product
52	https://oryx-embedded.com/download/#changelog	Release Notes
53	https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update	Release Notes
54	https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22	Third Party Advisory
55	https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab	Patch
56	https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3	Patch
57	https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC	Patch
58	https://crates.io/crates/thrussh/versions	Release Notes
59	https://github.com/NixOS/nixpkgs/pull/275249	Release Notes
60	http://www.openwall.com/lists/oss-security/2023/12/19/5	Mailing List
61	https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc	Release Notes
62	https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/	Press/Media Coverage
63	http://www.openwall.com/lists/oss-security/2023/12/20/3	Mailing List Mitigation
64	https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES	Release Notes
65	https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES	Release Notes
66	https://github.com/apache/mina-sshd/issues/445	Issue Tracking
67	https://github.com/hierynomus/sshj/issues/916	Issue Tracking
68	https://github.com/janmojzis/tinyssh/issues/81	Issue Tracking
69	https://www.openwall.com/lists/oss-security/2023/12/20/3	Mailing List Mitigation
70	https://security-tracker.debian.org/tracker/source-package/trilead-ssh2	Issue Tracking
71	https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16	Patch
72	http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html	Third Party Advisory VDB Entry
73	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/	Vendor Advisory
74	https://www.debian.org/security/2023/dsa-5586	Issue Tracking
75	https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508	Vendor Advisory
76	https://www.theregister.com/2023/12/20/terrapin_attack_ssh	Press/Media Coverage
77	https://filezilla-project.org/versions.php	Release Notes
78	https://nova.app/releases/#v11.8	Release Notes
79	https://roumenpetrov.info/secsh/#news20231220	Release Notes
80	https://www.vandyke.com/products/securecrt/history.txt	Release Notes
81	https://help.panic.com/releasenotes/transmit5/	Release Notes
82	https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta	Release Notes
83	https://github.com/PowerShell/Win32-OpenSSH/issues/2189	Issue Tracking
84	https://winscp.net/eng/docs/history#6.2.2	Release Notes
85	https://www.bitvise.com/ssh-client-version-history#933	Release Notes
86	https://github.com/cyd01/KiTTY/issues/520	Issue Tracking
87	https://www.debian.org/security/2023/dsa-5588	Issue Tracking
88	https://github.com/ssh-mitm/ssh-mitm/issues/165	Issue Tracking
89	https://news.ycombinator.com/item?id=38732005	Issue Tracking
90	https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html	Mailing List
91	https://security.gentoo.org/glsa/202312-16	Third Party Advisory
92	https://security.gentoo.org/glsa/202312-17	Third Party Advisory
93	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/	Mailing List Third Party Advisory
94	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/	Mailing List Third Party Advisory
95	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/	Mailing List Third Party Advisory
96	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/	Mailing List Third Party Advisory
97	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/	Mailing List Third Party Advisory
98	https://security.netapp.com/advisory/ntap-20240105-0004/	Third Party Advisory
99	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/	Mailing List Third Party Advisory
100	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/	Mailing List Third Party Advisory
101	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/	Mailing List Third Party Advisory
102	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/	Mailing List Third Party Advisory
103	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/	Mailing List Third Party Advisory
104	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002	Third Party Advisory
105	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/	Mailing List Third Party Advisory
106	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/	Mailing List Third Party Advisory
107	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/	Mailing List Third Party Advisory
108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/	Mailing List Third Party Advisory
109	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/	Mailing List Third Party Advisory
110	https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html	Mailing List Third Party Advisory
111	https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html	Mailing List Third Party Advisory
112	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/	Mailing List Third Party Advisory
113	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/	Mailing List Third Party Advisory
114	https://support.apple.com/kb/HT214084	Third Party Advisory
115	http://seclists.org/fulldisclosure/2024/Mar/21	Mailing List Third Party Advisory
116	https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html	Mailing List Third Party Advisory
117	http://www.openwall.com/lists/oss-security/2024/04/17/8
118	http://www.openwall.com/lists/oss-security/2024/03/06/3

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-354	データの整合性検証不備	https://cwe.mitre.org/data/definitions/354.html

JVN Vulnerability Information

OpenBSD の OpenSSH 等複数ベンダの製品におけるデータの整合性検証不備に関する脆弱性

Title	OpenBSD の OpenSSH 等複数ベンダの製品におけるデータの整合性検証不備に関する脆弱性
Summary	OpenBSD の OpenSSH 等複数ベンダの製品には、データの整合性検証不備に関する脆弱性が存在します。
Possible impacts	情報を改ざんされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Dec. 18, 2023, midnight
Registration Date	Jan. 17, 2024, 4:24 p.m.
Last Update	Jan. 17, 2024, 4:24 p.m.

Affected System

roumenpetrov

pkixssh 14.4 未満

panic

nova 11.8 未満

transmit 5 5.10.4 未満

net-ssh

net-ssh 7.2.0

crates

thrussh 0.35.1 未満

bitvise

ssh client 9.33 未満

ssh server 9.32 未満

ssh2 project

ssh2 1.11.0 およびそれ以前

LANCOM Systems GmbH

lanconfig

LCOS 3.66.4 およびそれ以前

LCOS FX

LCOS LX

LCOS SX 4.20

LCOS SX 5.20

Oryx Embedded

cyclone ssh 2.3.4 未満

マイクロソフト

PowerShell 11.1.0 およびそれ以前

レッドハット

Red Hat OpenShift Container Platform 4.0

Red Hat OpenStack Platform 16.1

Red Hat OpenStack Platform 16.2

Red Hat OpenStack Platform 17.1

ProFTPD Project

ProFTPD 1.3.8b およびそれ以前

OpenBSD

OpenSSH 9.6 未満

FreeBSD

FreeBSD 12.4 およびそれ以前

NetSarang

xshell 7 build 0144 未満

FileZilla

FileZilla Client 3.66.4 未満

VanDyke Software

securecrt 9.4.3 未満

libssh

libssh 0.10.6 未満

WinSCP

WinSCP 6.2.2 未満

Simon Tatham

PuTTY 0.80 未満

TeraTerm Project

Tera Term 5.1 およびそれ以前

CrushFTP

CrushFTP 10.6.0 およびそれ以前

Jeff Forcier

Paramiko 3.4.0 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2023-48795	https://www.cve.org/CVERecord?id=CVE-2023-48795
National Vulnerability Database (NVD)
2	CVE-2023-48795	https://nvd.nist.gov/vuln/detail/CVE-2023-48795
Red Hat Customer Portal
3	CVE-2023-48795	https://access.redhat.com/security/cve/cve-2023-48795

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-354	https://cwe.mitre.org/data/definitions/354.html

ベンダー情報

No	Name	URL
Allgemeine Sicherheitshinweise
1	Informationen zur "Terrapin"-Sicherheitslucke im SSH-Protokoll (CVE-2023-48795)	https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508
bitvise
2	Bitvise SSH Server Version History	https://www.bitvise.com/ssh-server-version-history
Bitvise SSH Client Version History
3	Changes in Bitvise SSH Client 9.33: [ 20 December 2023 ]	https://www.bitvise.com/ssh-client-version-history#933
crates
4	thrussh	https://crates.io/crates/thrussh/versions
CrushFTP
5	Minimum safe CrushFTP version is 10.6.0. (Regularly updating is critical and we make that as easy as possible.)#	https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update
Download
6	Release History	https://oryx-embedded.com/download/#changelog
FileZilla
7	Version history	https://filezilla-project.org/versions.php
FreeBSD Security Advisory
8	FreeBSD-SA-23:19.openssh	https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc
Git
9	Bump version to 0.10.6	https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6
GitHub
10	"Terrapin" MitM attack / CVE-2023-48795 #2337	https://github.com/paramiko/paramiko/issues/2337
11	1.3.8 Release Notes	https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES
12	1.3.9 Release Notes (d21e7a2)	https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES
13	1.3.9 Release Notes (master)	https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES
14	Clarify exposure to CVE-2023-48795 (Terrapin) #2189	https://github.com/PowerShell/Win32-OpenSSH/issues/2189
15	lib: add strict key exchange mode support	https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3
16	net-ssh/CHANGES.txt	https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16
17	Strict KEX 対応 (CVE-2023-48795)	https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0
18	Support the chacha20-poly1305@openssh.com SSH cipher #456	https://github.com/proftpd/proftpd/issues/456
19	Tera Term 5.1	https://github.com/TeraTermProject/teraterm/releases/tag/v5.1
20	v9.5.0.0p1-Beta	https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta
GitLab
21	libssh project/libssh-mirror/タグ	https://gitlab.com/libssh/libssh-mirror/-/tags
NetSarang
22	Xshell 7 Update History	https://www.netsarang.com/en/xshell-update-history/
OpenSSH
23	OpenSSH for OpenBSD	https://www.openssh.com/openbsd.html
24	release-9.6	https://www.openssh.com/txt/release-9.6
panic
25	Transmit 5 Release Notes	https://help.panic.com/releasenotes/transmit5/
Paramiko
26	Changelog	https://www.paramiko.org/changelog.html
PKIX-SSH
27	20 Dec 2023 : Official version 14.4	https://roumenpetrov.info/secsh/#news20231220
Recent Version History
28	6.2.2 beta	https://winscp.net/eng/docs/history#6.2.2
Red Hat Bugzilla
29	Bug 2254210	https://bugzilla.redhat.com/show_bug.cgi?id=2254210
Simon Tatham
30	PuTTY Change Log	https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
VanDyke Software
31	SecureCRT(R) 9.5 (Official) -- January 16, 2024	https://www.vandyke.com/products/securecrt/history.txt

その他

No	Name	URL
関連文書
1	arstechnica.com (hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack)	https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/
2	bugs.gentoo.org (920280)	https://bugs.gentoo.org/920280
3	bugzilla.suse.com (1217950)	https://bugzilla.suse.com/show_bug.cgi?id=1217950
4	filezilla-project.org (versions.php)	https://filezilla-project.org/versions.php
5	forum.netgate.com (terrapin-ssh-attack)	https://forum.netgate.com/topic/184941/terrapin-ssh-attack
6	github.com (2.2.21...2.2.22)	https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22
7	github.com (5c8b534f6e97db7ac0e0e579331213aa25c173ab)	https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab
8	github.com (8e972c5e94b460379fe0c7d20209c16df81538a5)	https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5
9	github.com (9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d)	https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d
10	github.com (CHANGES#L25)	https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25
11	github.com (changes.rst)	https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
12	github.com (GHSA-45x7-px36-x8w8)	https://github.com/advisories/GHSA-45x7-px36-x8w8
13	github.com (issues/165)	https://github.com/ssh-mitm/ssh-mitm/issues/165
14	github.com (issues/445)	https://github.com/apache/mina-sshd/issues/445
15	github.com (issues/457)	https://github.com/mwiede/jsch/issues/457
16	github.com (issues/520)	https://github.com/cyd01/KiTTY/issues/520
17	github.com (issues/81)	https://github.com/janmojzis/tinyssh/issues/81
18	github.com (issues/916)	https://github.com/hierynomus/sshj/issues/916
19	github.com (jsch-0.2.14...jsch-0.2.15)	https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15
20	github.com (master)	https://github.com/openssh/openssh-portable/commits/master
21	github.com (notes.xml#L39-L42)	https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42
22	github.com (OTP-26.2.1)	https://github.com/erlang/otp/releases/tag/OTP-26.2.1
23	github.com (pull/1291)	https://github.com/libssh2/libssh2/pull/1291
24	github.com (pull/275249)	https://github.com/NixOS/nixpkgs/pull/275249
25	github.com (pull/461)	https://github.com/mwiede/jsch/pull/461
26	github.com (releases)	https://github.com/rapier1/hpn-ssh/releases
27	github.com (tags)	https://github.com/ronf/asyncssh/tags
28	github.com (v0.40.2)	https://github.com/warp-tech/russh/releases/tag/v0.40.2
29	github.com (v2.5.6)	https://github.com/drakkan/sftpgo/releases/tag/v2.5.6
30	groups.google.com (-n5WqVC18LQ)	https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ
31	groups.google.com (qA3XtxvMUyg)	https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg
32	jadaptive.com (important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795)	https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/
33	lists.debian.org (msg00017)	https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html
34	lists.fedoraproject.org (3CAYYW35MUTNO65RVAELICTNZZFMT2XS)	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/
35	lists.fedoraproject.org (3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O)	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/
36	lists.fedoraproject.org (APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3)	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/
37	lists.fedoraproject.org (F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y)	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/
38	lists.fedoraproject.org (KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD)	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/
39	lists.fedoraproject.org (MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB)	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/
40	lists.fedoraproject.org (QI3EHAHABFQK7OABNCSF5GMYP6TONTI7)	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/
41	matt.ucc.asn.au (CHANGES)	https://matt.ucc.asn.au/dropbear/CHANGES
42	nest.pijul.com (D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC)	https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC
43	news.ycombinator.com (38684904)	https://news.ycombinator.com/item?id=38684904
44	news.ycombinator.com (38685286)	https://news.ycombinator.com/item?id=38685286
45	news.ycombinator.com (38732005)	https://news.ycombinator.com/item?id=38732005
46	nova.app (#v11.8)	https://nova.app/releases/#v11.8
47	packetstormsecurity.com (Terrapin-SSH-Connection-Weakening)	http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
48	security-tracker.debian.org (CVE-2023-48795)	https://security-tracker.debian.org/tracker/CVE-2023-48795
49	security-tracker.debian.org (libssh2)	https://security-tracker.debian.org/tracker/source-package/libssh2
50	security-tracker.debian.org (proftpd-dfsg)	https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg
51	security-tracker.debian.org (trilead-ssh2)	https://security-tracker.debian.org/tracker/source-package/trilead-ssh2
52	security.gentoo.org (202312-16)	https://security.gentoo.org/glsa/202312-16
53	security.gentoo.org (202312-17)	https://security.gentoo.org/glsa/202312-17
54	security.netapp.com (ntap-20240105-0004)	https://security.netapp.com/advisory/ntap-20240105-0004/
55	thorntech.com (cve-2023-48795-and-sftp-gateway)	https://thorntech.com/cve-2023-48795-and-sftp-gateway/
56	twitter.com (status/1736774389725565005)	https://twitter.com/TrueSkrillor/status/1736774389725565005
57	ubuntu.com (CVE-2023-48795)	https://ubuntu.com/security/CVE-2023-48795
58	www.debian.org (dsa-5586)	https://www.debian.org/security/2023/dsa-5586
59	www.debian.org (dsa-5588)	https://www.debian.org/security/2023/dsa-5588
60	www.openwall.com (oss-security/2023/12/18/2)	https://www.openwall.com/lists/oss-security/2023/12/18/2
61	www.openwall.com (oss-security/2023/12/18/3)	http://www.openwall.com/lists/oss-security/2023/12/18/3
62	www.openwall.com (oss-security/2023/12/19/5)	http://www.openwall.com/lists/oss-security/2023/12/19/5
63	www.openwall.com (oss-security/2023/12/20/3)	https://www.openwall.com/lists/oss-security/2023/12/20/3
64	www.openwall.com (oss-security/2023/12/20/3)	http://www.openwall.com/lists/oss-security/2023/12/20/3
65	www.reddit.com (cve202348795_why_is_this_cve_still_undisclosed)	https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/
66	www.suse.com (suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795)	https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/
67	www.terrapin-attack.com	https://www.terrapin-attack.com
68	www.theregister.com (terrapin_attack_ssh)	https://www.theregister.com/2023/12/20/terrapin_attack_ssh

Change Log

No	Changed Details	Date of change
1	[2024年01月17日] 掲載	Jan. 17, 2024, 4:24 p.m.