USN-7108-1

Advisory lineage Upstream: 4 Downstream: 0

Upstream

CVE-2023-46445 CVE-2023-46446 UBUNTU-CVE-2023-46445 UBUNTU-CVE-2023-46446

Published: 18 Nov 2024, 05:27

Last modified:27 Apr 2026, 17:34

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

18 Nov 2024, 05:27

Published

Vulnerability first disclosed

27 Apr 2026, 17:34

Last Modified

Vulnerability information updated

Description

python-asyncssh vulnerabilities Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that AsyncSSH did not properly handle the extension info message. An attacker able to intercept communications could possibly use this issue to downgrade the algorithm used for client authentication. (CVE-2023-46445) Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that AsyncSSH did not properly handle the user authentication request message. An attacker could possibly use this issue to control the remote end of an SSH client session via packet injection/removal and shell emulation. (CVE-2023-46446)

Affected Systems

ubuntu•python-asyncssh
< 1.12.2-1ubuntu0.2 | < 2.5.0-1ubuntu0.1 | < 2.10.1-2ubuntu0.1+esm1

USN-7108-1

Vulnerability Summary

Timeline

Description

Affected Systems

References (3)