[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-UBUNTU-CVE-2023-48795":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":35,"related":36,"reserved_at":9,"published_at":48,"modified_at":49,"state":9,"summary":50,"references_raw":52,"kevs":116,"epss":9,"epss_history":117,"metrics":118,"affected":125},"UBUNTU-CVE-2023-48795","The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.",null,[],[],[],[14],{"_key":15},"CVE-2023-48795",[17,19,21,23,25,27,29,31,33],{"_key":18},"USN-6560-1",{"_key":20},"USN-6561-1",{"_key":22},"USN-6589-1",{"_key":24},"USN-6598-1",{"_key":26},"USN-7051-1",{"_key":28},"USN-7292-1",{"_key":30},"USN-7297-1",{"_key":32},"USN-6560-2",{"_key":34},"USN-6738-1",[],[37,38,39,41,42,43,44,45,46,47],{"_key":18},{"_key":20},{"_key":40},"USN-6585-1",{"_key":22},{"_key":24},{"_key":26},{"_key":28},{"_key":30},{"_key":32},{"_key":34},"2023-12-18T15:00:00Z","2026-05-20T16:13:55.921481372Z",{"cisa_kev":51,"cisa_ransomware":51,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[53,59,63,67,71,76,80,84,88,92,96,100,104,108,112],{"url":54,"sources":55,"tags":57},"https://ubuntu.com/security/CVE-2023-48795",[56],"osv_ubuntu",[58],"REPORT",{"url":60,"sources":61,"tags":62},"https://terrapin-attack.com/",[56],[58],{"url":64,"sources":65,"tags":66},"https://www.openwall.com/lists/oss-security/2023/12/18/3",[56],[58],{"url":68,"sources":69,"tags":70},"https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55",[56],[58],{"url":72,"sources":73,"tags":74},"https://ubuntu.com/security/notices/USN-6560-1",[56],[75],"Advisory",{"url":77,"sources":78,"tags":79},"https://ubuntu.com/security/notices/USN-6561-1",[56],[75],{"url":81,"sources":82,"tags":83},"https://ubuntu.com/security/notices/USN-6560-2",[56],[75],{"url":85,"sources":86,"tags":87},"https://ubuntu.com/security/notices/USN-6585-1",[56],[75],{"url":89,"sources":90,"tags":91},"https://ubuntu.com/security/notices/USN-6589-1",[56],[75],{"url":93,"sources":94,"tags":95},"https://ubuntu.com/security/notices/USN-6598-1",[56],[75],{"url":97,"sources":98,"tags":99},"https://www.cve.org/CVERecord?id=CVE-2023-48795",[56],[58],{"url":101,"sources":102,"tags":103},"https://ubuntu.com/security/notices/USN-6738-1",[56],[75],{"url":105,"sources":106,"tags":107},"https://ubuntu.com/security/notices/USN-7051-1",[56],[75],{"url":109,"sources":110,"tags":111},"https://ubuntu.com/security/notices/USN-7297-1",[56],[75],{"url":113,"sources":114,"tags":115},"https://ubuntu.com/security/notices/USN-7292-1",[56],[75],[],[],[119],{"source":56,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":120,"cvss_v4_0":9},{"baseScore":121,"baseSeverity":9,"vectorString":122,"impactScore":123,"exploitabilityScore":124},5.9,"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",6,5.6,[126,149,161,167,176,185,213,222,237,247,255],{"ecosystem":127,"name":128,"vendor":129,"product":128,"cpe_part":9,"purl_type":130,"purl_namespace":129,"purl_name":128,"source":9,"versions":131},"Ubuntu","dropbear","ubuntu","deb",[132,136,140,143,146,147,148],{"version":133,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"all",true,"ecosystem",{"version":137,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":138,"version_end_type":139,"fixed_in":9},"lt2017_75_3ubuntu0_1~esm1","2017.75-3ubuntu0.1~esm1","excluding",{"version":141,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":142,"version_end_type":139,"fixed_in":9},"lt2019_78_2ubuntu0_1~esm1","2019.78-2ubuntu0.1~esm1",{"version":144,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":145,"version_end_type":139,"fixed_in":9},"lt2020_81_5ubuntu0_1","2020.81-5ubuntu0.1",{"version":133,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":133,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":133,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":127,"name":150,"vendor":129,"product":150,"cpe_part":9,"purl_type":130,"purl_namespace":129,"purl_name":150,"source":9,"versions":151},"filezilla",[152,155,158],{"version":153,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":154,"version_end_type":139,"fixed_in":9},"lt3_46_3_1ubuntu0_1","3.46.3-1ubuntu0.1",{"version":156,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":157,"version_end_type":139,"fixed_in":9},"lt3_58_0_1ubuntu0_1","3.58.0-1ubuntu0.1",{"version":159,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":160,"version_end_type":139,"fixed_in":9},"lt3_66_4_1","3.66.4-1",{"ecosystem":127,"name":162,"vendor":129,"product":162,"cpe_part":9,"purl_type":130,"purl_namespace":129,"purl_name":162,"source":9,"versions":163},"golang-go.crypto",[164,165,166],{"version":133,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":133,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":133,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":127,"name":168,"vendor":129,"product":168,"cpe_part":9,"purl_type":130,"purl_namespace":129,"purl_name":168,"source":9,"versions":169},"libssh",[170,173],{"version":171,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":172,"version_end_type":139,"fixed_in":9},"lt0_9_3_2ubuntu2_4","0.9.3-2ubuntu2.4",{"version":174,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":175,"version_end_type":139,"fixed_in":9},"lt0_9_6_2ubuntu0_22_04_2","0.9.6-2ubuntu0.22.04.2",{"ecosystem":127,"name":177,"vendor":129,"product":177,"cpe_part":9,"purl_type":130,"purl_namespace":129,"purl_name":177,"source":9,"versions":178},"lxd",[179,182],{"version":180,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":181,"version_end_type":139,"fixed_in":9},"lt2_0_11_0ubuntu1~16_04_4+esm1","2.0.11-0ubuntu1~16.04.4+esm1",{"version":183,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":184,"version_end_type":139,"fixed_in":9},"lt3_0_3_0ubuntu1~18_04_2+esm1","3.0.3-0ubuntu1~18.04.2+esm1",{"ecosystem":127,"name":186,"vendor":129,"product":186,"cpe_part":9,"purl_type":130,"purl_namespace":129,"purl_name":186,"source":9,"versions":187},"openssh",[188,189,192,195,198,201,204,207,210],{"version":133,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":190,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":191,"version_end_type":139,"fixed_in":9},"lt1:7_2p2_4ubuntu2_10+esm5","1:7.2p2-4ubuntu2.10+esm5",{"version":193,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":194,"version_end_type":139,"fixed_in":9},"lt1:7_2p2_4ubuntu2_fips_2_10_5","1:7.2p2-4ubuntu2.fips.2.10.5",{"version":196,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":197,"version_end_type":139,"fixed_in":9},"lt1:7_6p1_4ubuntu0_7+esm3","1:7.6p1-4ubuntu0.7+esm3",{"version":199,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":200,"version_end_type":139,"fixed_in":9},"lt1:7_9p1_10~ubuntu18_04_fips_0_9","1:7.9p1-10~ubuntu18.04.fips.0.9",{"version":202,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":203,"version_end_type":139,"fixed_in":9},"lt1:8_2p1_4ubuntu0_10","1:8.2p1-4ubuntu0.10",{"version":205,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":206,"version_end_type":139,"fixed_in":9},"lt1:8_2p1_4ubuntu0_fips_0_10","1:8.2p1-4ubuntu0.fips.0.10",{"version":208,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":209,"version_end_type":139,"fixed_in":9},"lt1:8_9p1_3ubuntu0_5","1:8.9p1-3ubuntu0.5",{"version":211,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":212,"version_end_type":139,"fixed_in":9},"lt1:9_6p1_3ubuntu1","1:9.6p1-3ubuntu1",{"ecosystem":127,"name":214,"vendor":129,"product":214,"cpe_part":9,"purl_type":130,"purl_namespace":129,"purl_name":214,"source":9,"versions":215},"openssh-ssh1",[216,217,218,219,220,221],{"version":133,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":133,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":133,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":133,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":133,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":133,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":127,"name":223,"vendor":129,"product":223,"cpe_part":9,"purl_type":130,"purl_namespace":129,"purl_name":223,"source":9,"versions":224},"paramiko",[225,226,227,228,231,234],{"version":133,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":133,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":133,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":229,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":230,"version_end_type":139,"fixed_in":9},"lt2_6_0_2ubuntu0_3","2.6.0-2ubuntu0.3",{"version":232,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":233,"version_end_type":139,"fixed_in":9},"lt2_9_3_0ubuntu1_2","2.9.3-0ubuntu1.2",{"version":235,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":236,"version_end_type":139,"fixed_in":9},"lt2_12_0_2ubuntu4","2.12.0-2ubuntu4",{"ecosystem":127,"name":238,"vendor":129,"product":238,"cpe_part":9,"purl_type":130,"purl_namespace":129,"purl_name":238,"source":9,"versions":239},"proftpd-dfsg",[240,241,242,245,246],{"version":133,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":133,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":243,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":244,"version_end_type":139,"fixed_in":9},"lt1_3_6c_2ubuntu0_1","1.3.6c-2ubuntu0.1",{"version":133,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":133,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":127,"name":248,"vendor":129,"product":248,"cpe_part":9,"purl_type":130,"purl_namespace":129,"purl_name":248,"source":9,"versions":249},"putty",[250,251,252,253,254],{"version":133,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":133,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":133,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":133,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":133,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":127,"name":256,"vendor":129,"product":256,"cpe_part":9,"purl_type":130,"purl_namespace":129,"purl_name":256,"source":9,"versions":257},"python-asyncssh",[258,259,260,263,266],{"version":133,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":133,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":261,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":262,"version_end_type":139,"fixed_in":9},"lt1_12_2_1ubuntu0_1","1.12.2-1ubuntu0.1",{"version":264,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":265,"version_end_type":139,"fixed_in":9},"lt2_5_0_1ubuntu0_1~esm1","2.5.0-1ubuntu0.1~esm1",{"version":267,"is_range":134,"range_type":135,"version_start":9,"version_start_type":9,"version_end":268,"version_end_type":139,"fixed_in":9},"lt2_10_1_2ubuntu0_1","2.10.1-2ubuntu0.1"]