CVE-2023-48795

medium

Published 2023-12-18 · Modified 2024-03-06

CVSS v3

5.9

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v2

—

VIR risk

5.9

Description

Moderate: openssh security update

Predictions

Exploit likelihood

69%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2024-1130.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2024-1150.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2024-0606.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2255271

vendor Authored 2026-05-27

Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2024:0606

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2024-0628.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2254210

vendor Authored 2026-05-27

Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2024:0628

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2023-48795.html

vendor Authored 2026-05-27

Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2024:0628

vendor Authored 2026-05-27

Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2024:0606

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://www.vandyke.com/products/securecrt/history.txt

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://www.paramiko.org/changelog.html

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://www.openwall.com/lists/oss-security/2023/12/20/3

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://www.openssh.com/txt/release-9.6

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://www.openssh.com/openbsd.html

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://www.netsarang.com/en/xshell-update-history/

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://www.bitvise.com/ssh-server-version-history

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://www.bitvise.com/ssh-client-version-history#933

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://winscp.net/eng/docs/history#6.2.2

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://ubuntu.com/security/CVE-2023-48795

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://security-tracker.debian.org/tracker/source-package/libssh2

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://security-tracker.debian.org/tracker/CVE-2023-48795

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://roumenpetrov.info/secsh/#news20231220

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://oryx-embedded.com/download/#changelog

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://nova.app/releases/#v11.8

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://matt.ucc.asn.au/dropbear/CHANGES

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://help.panic.com/releasenotes/transmit5/

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://gitlab.com/libssh/libssh-mirror/-/tags

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://github.com/warp-tech/russh/releases/tag/v0.40.2

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://github.com/ronf/asyncssh/tags

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://github.com/rapier1/hpn-ssh/releases

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://github.com/openssh/openssh-portable/commits/master

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://github.com/mwiede/jsch/pull/461

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://github.com/libssh2/libssh2/pull/1291

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://github.com/erlang/otp/releases/tag/OTP-26.2.1

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://github.com/drakkan/sftpgo/releases/tag/v2.5.6

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://github.com/TeraTermProject/teraterm/releases/tag/v5.1

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://github.com/NixOS/nixpkgs/pull/275249

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://filezilla-project.org/versions.php

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://crates.io/crates/thrussh/versions

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://www.openwall.com/lists/oss-security/2023/12/20/3

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2024:1150

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2024:1130

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHBA-2024:1136

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHBA-2024:1127

OS impact

OS	Version	Status	Fixed in
rhel	9	fixed
rocky	8	fixed
debian	bookworm	fixed	`2022.83-1+deb12u1`
debian	bullseye	fixed	`2020.81-3+deb11u1`
debian	forky	fixed	`2022.83-4`
debian	sid	fixed	`2022.83-4`
debian	trixie	fixed	`2022.83-4`
sles		affected
debian	-	not-affected
debian	10.0	affected
fedora	38	affected
fedora	39	affected
rhel	8.0	affected
rhel	9.0	affected
macos	-	not-affected
macos		affected	`14.4`
freebsd		affected

Package impact

Ecosystem	Package	Vulnerable	Fixed
PyPI	paramiko	`>=2.5.0,<3.4.0`	`3.4.0`
Go	golang.org/x/crypto	`<0.0.0-20231218163308-9d2ee975ef9f`	`0.0.0-20231218163308-9d2ee975ef9f`
Go	golang.org/x/crypto	`>=0.1.0,<0.17.0`	`0.17.0`
crates.io	russh	`<0.40.2`	`0.40.2`
Go	golang.org/x/crypto	`<0.17.0`	`0.17.0`
GO	golang.org/x/crypto	`< 0.0.0-20231218163308-9d2ee975ef9f`	`0.0.0-20231218163308-9d2ee975ef9f`
GO	golang.org/x/crypto	`>= 0.1.0, < 0.17.0`	`0.17.0`
PIP	paramiko	`>= 2.5.0, < 3.4.0`	`3.4.0`
RUST	russh	`< 0.40.2`	`0.40.2`

Application impact

Vendor	Product	Versions	Fixed
apache	sshj	`{"endIncluding":"0.37.0"}`
openbsd	openssh	`{"endExcluding":"9.6"}`	`9.6`
putty	putty	`{"endExcluding":"0.80"}`	`0.80`
filezilla-project	filezilla_client	`{"endExcluding":"3.66.4"}`	`3.66.4`
panic	transmit_5	`{"endExcluding":"5.10.4"}`	`5.10.4`
panic	nova	`{"endExcluding":"11.8"}`	`11.8`
roumenpetrov	pkixssh	`{"endExcluding":"14.4"}`	`14.4`
winscp	winscp	`{"endExcluding":"6.2.2"}`	`6.2.2`
bitvise	ssh_client	`{"endExcluding":"9.33"}`	`9.33`
bitvise	ssh_server	`{"endExcluding":"9.32"}`	`9.32`
vandyke	securecrt	`{"endExcluding":"9.4.3"}`	`9.4.3`
libssh	libssh	`{"endExcluding":"0.10.6"}`	`0.10.6`
net-ssh	net-ssh	`7.2.0`
ssh2_project	ssh2	`{"endIncluding":"1.11.0"}`
proftpd	proftpd	`{"endIncluding":"1.3.8b"}`
crates	thrussh	`{"endExcluding":"0.35.1"}`	`0.35.1`
tera_term_project	tera_term	`{"endIncluding":"5.1"}`
oryx-embedded	cyclone_ssh	`{"endExcluding":"2.3.4"}`	`2.3.4`
crushftp	crushftp	`{"endIncluding":"10.6.0"}`
netsarang	xshell_7	`{"endExcluding":"build__0144"}`	`build__0144`
paramiko	paramiko	`{"endExcluding":"3.4.0"}`	`3.4.0`
redhat	openshift_container_platform	`4.0`
redhat	openstack_platform	`16.1`
redhat	openstack_platform	`16.2`
redhat	openstack_platform	`17.1`
redhat	ceph_storage	`6.0`
redhat	openshift_serverless	`-`
redhat	openshift_gitops	`-`
redhat	openshift_pipelines	`-`
redhat	openshift_developer_tools_and_services	`-`
redhat	openshift_data_foundation	`4.0`
redhat	openshift_api_for_data_protection	`-`
redhat	openshift_virtualization	`4`
redhat	storage	`3.0`
redhat	discovery	`-`
redhat	openshift_dev_spaces	`-`
redhat	cert-manager_operator_for_red_hat_openshift	`-`
redhat	keycloak	`-`
redhat	jboss_enterprise_application_platform	`7.0`
redhat	single_sign-on	`7.0`
redhat	advanced_cluster_security	`3.0`
redhat	advanced_cluster_security	`4.0`
golang	crypto	`{"endExcluding":"0.17.0"}`	`0.17.0`
russh_project	russh	`{"endExcluding":"0.40.2"}`	`0.40.2`
sftpgo_project	sftpgo	`{"endExcluding":"2.5.6"}`	`2.5.6`
erlang	erlang\/otp	`{"endExcluding":"22.3.4.27"}`	`22.3.4.27`
matez	jsch	`{"endExcluding":"0.2.15"}`	`0.2.15`
libssh2	libssh2	`{"endExcluding":"1.11.1"}`	`1.11.1`
asyncssh_project	asyncssh	`{"endExcluding":"2.14.2"}`	`2.14.2`
dropbear_ssh_project	dropbear_ssh	`{"endExcluding":"2022.83"}`	`2022.83`
jadaptive	maverick_synergy_java_ssh_api	`{"endExcluding":"3.1.0-snapshot"}`	`3.1.0-snapshot`
ssh	ssh	`{"endExcluding":"4.9.1.5"}`	`4.9.1.5`
netgate	pfsense_plus	`{"endIncluding":"23.09.1"}`
netgate	pfsense_ce	`{"endIncluding":"2.7.2"}`
connectbot	sshlib	`{"endExcluding":"2.2.22"}`	`2.2.22`
apache	sshd	`{"endIncluding":"2.11.0"}`
tinyssh	tinyssh	`{"endIncluding":"20230101"}`
trilead	ssh2	`6401`
9bis	kitty	`{"endIncluding":"0.76.1.13"}`
gentoo	security	`-`

References

CWEs

CWE-354

Verify integrity in audit chain (admin only). AS-IS.