vulnerability

OpenSSH Vulnerability: CVE-2023-51767

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:M/Au:S/C:C/I:C/A:C)	12/24/2023	03/12/2024	01/28/2025

Severity

CVSS

(AV:L/AC:M/Au:S/C:C/I:C/A:C)

Published

12/24/2023

Added

03/12/2024

Modified

01/28/2025

Description

OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.

Solution

openbsd-openssh-upgrade-latest

References

CVE-2023-51767
https://attackerkb.com/topics/CVE-2023-51767

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today