src icon indicating copy to clipboard operation
src copied to clipboard

Published 20 hours ago verified publisher icon MidnightBSD

CVE-2023-51767 (High) detected in src3.1.5, src3.1.5

Open mend-bolt-for-github[bot] opened this issue 1 year ago • 16 comments

CVE-2023-51767 - High Severity Vulnerability

Vulnerable Libraries - src3.1.5, src3.1.5

Vulnerability Details

OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.

Publish Date: 2023-12-24

URL: CVE-2023-51767

CVSS 3 Score Details (7.0)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High
For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with Mend here

mend-bolt-for-github[bot] avatar Dec 25 '23 08:12 mend-bolt-for-github[bot]