[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-DEBIAN-CVE-2023-48795":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":49,"related":50,"reserved_at":9,"published_at":51,"modified_at":52,"state":9,"summary":53,"references_raw":55,"kevs":62,"epss":9,"epss_history":63,"metrics":64,"affected":71},"DEBIAN-CVE-2023-48795","The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.",null,[],[],[],[14],{"_key":15},"CVE-2023-48795",[17,19,21,23,25,27,29,31,33,35,37,39,41,43,45,47],{"_key":18},"DLA-3694-1",{"_key":20},"DLA-3718-1",{"_key":22},"DLA-3719-1",{"_key":24},"DLA-3730-1",{"_key":26},"DLA-3794-1",{"_key":28},"DLA-3899-1",{"_key":30},"DLA-3975-1",{"_key":32},"DLA-4132-1",{"_key":34},"DSA-5586-1",{"_key":36},"DSA-5588-1",{"_key":38},"DSA-5591-1",{"_key":40},"DSA-5599-1",{"_key":42},"DSA-5600-1",{"_key":44},"DSA-5601-1",{"_key":46},"DSA-5750-1",{"_key":48},"DSA-5906-1",[],[],"2023-12-18T16:15:10.897Z","2026-05-27T11:00:22.954708215Z",{"cisa_kev":54,"cisa_ransomware":54,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[56],{"url":57,"sources":58,"tags":60},"https://security-tracker.debian.org/tracker/CVE-2023-48795",[59],"osv_debian",[61],"Advisory",[],[],[65],{"source":59,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":66,"cvss_v4_0":9},{"baseScore":67,"baseSeverity":9,"vectorString":68,"impactScore":69,"exploitabilityScore":70},5.9,"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",6,5.6,[72,91,104,117,127,140,147,160,169,182,192,204,217,228,241,254,263],{"ecosystem":73,"name":74,"vendor":75,"product":74,"cpe_part":9,"purl_type":76,"purl_namespace":75,"purl_name":74,"source":9,"versions":77},"Debian","dropbear","debian","deb",[78,84,87,90],{"version":79,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":82,"version_end_type":83,"fixed_in":9},"lt2020_81_3+deb11u1",true,"ecosystem","2020.81-3+deb11u1","excluding",{"version":85,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":86,"version_end_type":83,"fixed_in":9},"lt2022_83_1+deb12u1","2022.83-1+deb12u1",{"version":88,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":89,"version_end_type":83,"fixed_in":9},"lt2022_83_4","2022.83-4",{"version":88,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":89,"version_end_type":83,"fixed_in":9},{"ecosystem":73,"name":92,"vendor":75,"product":92,"cpe_part":9,"purl_type":76,"purl_namespace":75,"purl_name":92,"source":9,"versions":93},"erlang",[94,97,100,103],{"version":95,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":96,"version_end_type":83,"fixed_in":9},"lt1:23_2_6+dfsg_1+deb11u2","1:23.2.6+dfsg-1+deb11u2",{"version":98,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":99,"version_end_type":83,"fixed_in":9},"lt1:25_2_3+dfsg_1+deb12u1","1:25.2.3+dfsg-1+deb12u1",{"version":101,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":102,"version_end_type":83,"fixed_in":9},"lt1:25_3_2_8+dfsg_1","1:25.3.2.8+dfsg-1",{"version":101,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":102,"version_end_type":83,"fixed_in":9},{"ecosystem":73,"name":105,"vendor":75,"product":105,"cpe_part":9,"purl_type":76,"purl_namespace":75,"purl_name":105,"source":9,"versions":106},"filezilla",[107,110,113,116],{"version":108,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":109,"version_end_type":83,"fixed_in":9},"lt3_52_2_3+deb11u1","3.52.2-3+deb11u1",{"version":111,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":112,"version_end_type":83,"fixed_in":9},"lt3_63_0_1+deb12u3","3.63.0-1+deb12u3",{"version":114,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":115,"version_end_type":83,"fixed_in":9},"lt3_66_4_1","3.66.4-1",{"version":114,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":115,"version_end_type":83,"fixed_in":9},{"ecosystem":73,"name":118,"vendor":75,"product":118,"cpe_part":9,"purl_type":76,"purl_namespace":75,"purl_name":118,"source":9,"versions":119},"golang-go.crypto",[120,122,123,126],{"version":121,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"all",{"version":121,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":124,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":125,"version_end_type":83,"fixed_in":9},"lt1:0_17_0_1","1:0.17.0-1",{"version":124,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":125,"version_end_type":83,"fixed_in":9},{"ecosystem":73,"name":128,"vendor":75,"product":128,"cpe_part":9,"purl_type":76,"purl_namespace":75,"purl_name":128,"source":9,"versions":129},"libssh",[130,133,136,139],{"version":131,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":132,"version_end_type":83,"fixed_in":9},"lt0_9_8_0+deb11u1","0.9.8-0+deb11u1",{"version":134,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":135,"version_end_type":83,"fixed_in":9},"lt0_10_6_0+deb12u1","0.10.6-0+deb12u1",{"version":137,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":138,"version_end_type":83,"fixed_in":9},"lt0_10_6_1","0.10.6-1",{"version":137,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":138,"version_end_type":83,"fixed_in":9},{"ecosystem":73,"name":141,"vendor":75,"product":141,"cpe_part":9,"purl_type":76,"purl_namespace":75,"purl_name":141,"source":9,"versions":142},"libssh2",[143,146],{"version":144,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":145,"version_end_type":83,"fixed_in":9},"lt1_11_0_4","1.11.0-4",{"version":144,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":145,"version_end_type":83,"fixed_in":9},{"ecosystem":73,"name":148,"vendor":75,"product":148,"cpe_part":9,"purl_type":76,"purl_namespace":75,"purl_name":148,"source":9,"versions":149},"openssh",[150,153,156,159],{"version":151,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":152,"version_end_type":83,"fixed_in":9},"lt1:8_4p1_5+deb11u3","1:8.4p1-5+deb11u3",{"version":154,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":155,"version_end_type":83,"fixed_in":9},"lt1:9_2p1_2+deb12u2","1:9.2p1-2+deb12u2",{"version":157,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":158,"version_end_type":83,"fixed_in":9},"lt1:9_6p1_1","1:9.6p1-1",{"version":157,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":158,"version_end_type":83,"fixed_in":9},{"ecosystem":73,"name":161,"vendor":75,"product":161,"cpe_part":9,"purl_type":76,"purl_namespace":75,"purl_name":161,"source":9,"versions":162},"paramiko",[163,164,165,168],{"version":121,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":121,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":166,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":167,"version_end_type":83,"fixed_in":9},"lt3_4_0_1","3.4.0-1",{"version":166,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":167,"version_end_type":83,"fixed_in":9},{"ecosystem":73,"name":170,"vendor":75,"product":170,"cpe_part":9,"purl_type":76,"purl_namespace":75,"purl_name":170,"source":9,"versions":171},"php-phpseclib",[172,175,178,181],{"version":173,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":174,"version_end_type":83,"fixed_in":9},"lt2_0_30_2+deb11u1","2.0.30-2+deb11u1",{"version":176,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":177,"version_end_type":83,"fixed_in":9},"lt2_0_42_1+deb12u1","2.0.42-1+deb12u1",{"version":179,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":180,"version_end_type":83,"fixed_in":9},"lt2_0_46_1","2.0.46-1",{"version":179,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":180,"version_end_type":83,"fixed_in":9},{"ecosystem":73,"name":183,"vendor":75,"product":183,"cpe_part":9,"purl_type":76,"purl_namespace":75,"purl_name":183,"source":9,"versions":184},"php-phpseclib3",[185,188,191],{"version":186,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":187,"version_end_type":83,"fixed_in":9},"lt3_0_19_1+deb12u2","3.0.19-1+deb12u2",{"version":189,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":190,"version_end_type":83,"fixed_in":9},"lt3_0_35_1","3.0.35-1",{"version":189,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":190,"version_end_type":83,"fixed_in":9},{"ecosystem":73,"name":193,"vendor":75,"product":193,"cpe_part":9,"purl_type":76,"purl_namespace":75,"purl_name":193,"source":9,"versions":194},"phpseclib",[195,198,201],{"version":196,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":197,"version_end_type":83,"fixed_in":9},"lt1_0_19_3+deb11u1","1.0.19-3+deb11u1",{"version":199,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":200,"version_end_type":83,"fixed_in":9},"lt1_0_20_1+deb12u1","1.0.20-1+deb12u1",{"version":202,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":203,"version_end_type":83,"fixed_in":9},"lt1_0_22_1","1.0.22-1",{"ecosystem":73,"name":205,"vendor":75,"product":205,"cpe_part":9,"purl_type":76,"purl_namespace":75,"purl_name":205,"source":9,"versions":206},"proftpd-dfsg",[207,210,213,216],{"version":208,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":209,"version_end_type":83,"fixed_in":9},"lt1_3_7a+dfsg_12+deb11u3","1.3.7a+dfsg-12+deb11u3",{"version":211,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":212,"version_end_type":83,"fixed_in":9},"lt1_3_8+dfsg_4+deb12u3","1.3.8+dfsg-4+deb12u3",{"version":214,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":215,"version_end_type":83,"fixed_in":9},"lt1_3_8_b+dfsg_1","1.3.8.b+dfsg-1",{"version":214,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":215,"version_end_type":83,"fixed_in":9},{"ecosystem":73,"name":218,"vendor":75,"product":218,"cpe_part":9,"purl_type":76,"purl_namespace":75,"purl_name":218,"source":9,"versions":219},"proftpd-mod-proxy",[220,221,224,227],{"version":121,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":222,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":223,"version_end_type":83,"fixed_in":9},"lt0_9_2_1+deb12u1","0.9.2-1+deb12u1",{"version":225,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":226,"version_end_type":83,"fixed_in":9},"lt0_9_3_1","0.9.3-1",{"version":225,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":226,"version_end_type":83,"fixed_in":9},{"ecosystem":73,"name":229,"vendor":75,"product":229,"cpe_part":9,"purl_type":76,"purl_namespace":75,"purl_name":229,"source":9,"versions":230},"putty",[231,234,237,240],{"version":232,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":233,"version_end_type":83,"fixed_in":9},"lt0_74_1+deb11u1","0.74-1+deb11u1",{"version":235,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":236,"version_end_type":83,"fixed_in":9},"lt0_78_2+deb12u1","0.78-2+deb12u1",{"version":238,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":239,"version_end_type":83,"fixed_in":9},"lt0_80_1","0.80-1",{"version":238,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":239,"version_end_type":83,"fixed_in":9},{"ecosystem":73,"name":242,"vendor":75,"product":242,"cpe_part":9,"purl_type":76,"purl_namespace":75,"purl_name":242,"source":9,"versions":243},"python-asyncssh",[244,247,250,253],{"version":245,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":246,"version_end_type":83,"fixed_in":9},"lt2_5_0_0_1+deb11u1","2.5.0-0.1+deb11u1",{"version":248,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":249,"version_end_type":83,"fixed_in":9},"lt2_10_1_2+deb12u1","2.10.1-2+deb12u1",{"version":251,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":252,"version_end_type":83,"fixed_in":9},"lt2_15_0_1","2.15.0-1",{"version":251,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":252,"version_end_type":83,"fixed_in":9},{"ecosystem":73,"name":255,"vendor":75,"product":255,"cpe_part":9,"purl_type":76,"purl_namespace":75,"purl_name":255,"source":9,"versions":256},"tinyssh",[257,258,259,262],{"version":121,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":121,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":260,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":261,"version_end_type":83,"fixed_in":9},"lt20230101_4","20230101-4",{"version":260,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":261,"version_end_type":83,"fixed_in":9},{"ecosystem":73,"name":264,"vendor":75,"product":264,"cpe_part":9,"purl_type":76,"purl_namespace":75,"purl_name":264,"source":9,"versions":265},"trilead-ssh2",[266,267,268,269],{"version":121,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":121,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":121,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":121,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9}]