Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/asyncssh@1.5.3
Typepypi
Namespace
Nameasyncssh
Version1.5.3
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.14.2
Latest_non_vulnerable_version2.14.2
Affected_by_vulnerabilities
0
url VCID-2f49-5tcr-p7ag
vulnerability_id VCID-2f49-5tcr-p7ag
summary An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack.
references
0
reference_url http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46445.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46445.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46445
reference_id
reference_type
scores
0
value 0.00487
scoring_system epss
scoring_elements 0.65473
published_at 2026-04-16T12:55:00Z
1
value 0.00487
scoring_system epss
scoring_elements 0.65436
published_at 2026-04-13T12:55:00Z
2
value 0.00487
scoring_system epss
scoring_elements 0.65464
published_at 2026-04-12T12:55:00Z
3
value 0.00487
scoring_system epss
scoring_elements 0.65477
published_at 2026-04-11T12:55:00Z
4
value 0.00487
scoring_system epss
scoring_elements 0.65458
published_at 2026-04-09T12:55:00Z
5
value 0.00487
scoring_system epss
scoring_elements 0.65447
published_at 2026-04-08T12:55:00Z
6
value 0.00487
scoring_system epss
scoring_elements 0.65394
published_at 2026-04-07T12:55:00Z
7
value 0.00487
scoring_system epss
scoring_elements 0.65432
published_at 2026-04-04T12:55:00Z
8
value 0.00487
scoring_system epss
scoring_elements 0.65405
published_at 2026-04-02T12:55:00Z
9
value 0.00487
scoring_system epss
scoring_elements 0.65484
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46445
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46445
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46445
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/asyncssh/PYSEC-2023-237.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/asyncssh/PYSEC-2023-237.yaml
5
reference_url https://github.com/ronf/asyncssh
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ronf/asyncssh
6
reference_url https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
7
reference_url https://github.com/ronf/asyncssh/commit/83e43f5ea3470a8617fc388c72b062c7136efd7e
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ronf/asyncssh/commit/83e43f5ea3470a8617fc388c72b062c7136efd7e
8
reference_url https://github.com/ronf/asyncssh/security/advisories/GHSA-cfc2-wr2v-gxm5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ronf/asyncssh/security/advisories/GHSA-cfc2-wr2v-gxm5
9
reference_url https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE
11
reference_url https://security.netapp.com/advisory/ntap-20231222-0001
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231222-0001
12
reference_url https://www.terrapin-attack.com
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.terrapin-attack.com
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056000
reference_id 1056000
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056000
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2250326
reference_id 2250326
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2250326
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46445
reference_id CVE-2023-46445
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-46445
16
reference_url https://github.com/advisories/GHSA-cfc2-wr2v-gxm5
reference_id GHSA-cfc2-wr2v-gxm5
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-cfc2-wr2v-gxm5
17
reference_url https://usn.ubuntu.com/7108-1/
reference_id USN-7108-1
reference_type
scores
url https://usn.ubuntu.com/7108-1/
18
reference_url https://usn.ubuntu.com/7108-2/
reference_id USN-7108-2
reference_type
scores
url https://usn.ubuntu.com/7108-2/
fixed_packages
0
url pkg:pypi/asyncssh@2.14.1
purl pkg:pypi/asyncssh@2.14.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-uqtv-u3b9-mbbb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@2.14.1
aliases CVE-2023-46445, GHSA-cfc2-wr2v-gxm5, PYSEC-2023-237
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2f49-5tcr-p7ag
1
url VCID-fuj2-g5nb-bqaq
vulnerability_id VCID-fuj2-g5nb-bqaq
summary The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-7749
reference_id
reference_type
scores
0
value 0.00389
scoring_system epss
scoring_elements 0.59994
published_at 2026-04-09T12:55:00Z
1
value 0.00389
scoring_system epss
scoring_elements 0.60028
published_at 2026-04-18T12:55:00Z
2
value 0.00389
scoring_system epss
scoring_elements 0.60021
published_at 2026-04-16T12:55:00Z
3
value 0.00389
scoring_system epss
scoring_elements 0.59982
published_at 2026-04-13T12:55:00Z
4
value 0.00389
scoring_system epss
scoring_elements 0.6
published_at 2026-04-12T12:55:00Z
5
value 0.00389
scoring_system epss
scoring_elements 0.60015
published_at 2026-04-11T12:55:00Z
6
value 0.00389
scoring_system epss
scoring_elements 0.59859
published_at 2026-04-01T12:55:00Z
7
value 0.00389
scoring_system epss
scoring_elements 0.59936
published_at 2026-04-02T12:55:00Z
8
value 0.00389
scoring_system epss
scoring_elements 0.59961
published_at 2026-04-04T12:55:00Z
9
value 0.00389
scoring_system epss
scoring_elements 0.59931
published_at 2026-04-07T12:55:00Z
10
value 0.00389
scoring_system epss
scoring_elements 0.59981
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-7749
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7749
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7749
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/asyncssh/PYSEC-2018-108.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/asyncssh/PYSEC-2018-108.yaml
3
reference_url https://github.com/ronf/asyncssh
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/ronf/asyncssh
4
reference_url https://github.com/ronf/asyncssh/commit/16e6ebfa893167c7d9d3f6dc7a2c0d197e47f43a
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/ronf/asyncssh/commit/16e6ebfa893167c7d9d3f6dc7a2c0d197e47f43a
5
reference_url https://github.com/ronf/asyncssh/commit/c161e26cdc0d41b745b63d9f17b437f073bf7ba4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/ronf/asyncssh/commit/c161e26cdc0d41b745b63d9f17b437f073bf7ba4
6
reference_url https://groups.google.com/forum/#!msg/asyncssh-announce/57_5O7kiHSA/8BXZ_hxHAQAJ
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!msg/asyncssh-announce/57_5O7kiHSA/8BXZ_hxHAQAJ
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892787
reference_id 892787
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892787
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-7749
reference_id CVE-2018-7749
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-7749
9
reference_url https://github.com/advisories/GHSA-97cv-6pjf-5f9q
reference_id GHSA-97cv-6pjf-5f9q
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-97cv-6pjf-5f9q
10
reference_url https://usn.ubuntu.com/USN-4854-1/
reference_id USN-USN-4854-1
reference_type
scores
url https://usn.ubuntu.com/USN-4854-1/
fixed_packages
0
url pkg:pypi/asyncssh@1.12.1
purl pkg:pypi/asyncssh@1.12.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f49-5tcr-p7ag
1
vulnerability VCID-uqtv-u3b9-mbbb
2
vulnerability VCID-vud9-cch1-zyff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@1.12.1
aliases CVE-2018-7749, GHSA-97cv-6pjf-5f9q, PYSEC-2018-108
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fuj2-g5nb-bqaq
2
url VCID-uqtv-u3b9-mbbb
vulnerability_id VCID-uqtv-u3b9-mbbb
summary 
AsyncSSH vulnerable to Prefix Truncation Attack (a.k.a. Terrapin Attack) against ChaCha20-Poly1305 and Encrypt-then-MAC
### Summary

AsyncSSH v2.14.1 and earlier is vulnerable to a novel prefix truncation attack (a.k.a. Terrapin attack), which allows a man-in-the-middle attacker to strip an arbitrary number of messages right after the initial key exchange, breaking SSH extension negotiation (RFC8308) in the process and thus downgrading connection security.

### Mitigations

To mitigate this protocol vulnerability, OpenSSH suggested a so-called "strict kex" which alters the SSH handshake to ensure a Man-in-the-Middle attacker cannot introduce unauthenticated messages as well as convey sequence number manipulation across handshakes. Support for strict key exchange has been added to AsyncSSH in the patched version. 

**Warning: To take effect, both the client and server must support this countermeasure.** 

As a stop-gap measure, peers may also (temporarily) disable the affected algorithms and use unaffected alternatives like AES-GCM instead until patches are available.

### Details

The SSH specifications of ChaCha20-Poly1305 (chacha20-poly1305@openssh.com) and Encrypt-then-MAC (*-etm@openssh.com MACs) is vulnerable against an arbitrary prefix truncation attack (a.k.a. Terrapin attack). This allows for an extension negotiation downgrade by stripping the SSH_MSG_EXT_INFO sent after the first message after SSH_MSG_NEWKEYS, downgrading security, and disabling attack countermeasures in some versions of OpenSSH. When targeting Encrypt-then-MAC, this attack requires the use of a CBC cipher to be practically exploitable due to the internal workings of the cipher mode. Additionally, this novel attack technique can be used to exploit previously unexploitable implementation flaws in a Man-in-the-Middle scenario.

The attack works by an attacker injecting an arbitrary number of SSH_MSG_IGNORE messages during the initial key exchange and consequently removing the same number of messages just after the initial key exchange has concluded. This is possible due to missing authentication of the excess SSH_MSG_IGNORE messages and the fact that the implicit sequence numbers used within the SSH protocol are only checked after the initial key exchange.

In the case of ChaCha20-Poly1305, the attack is guaranteed to work on every connection as this cipher does not maintain an internal state other than the message's sequence number. In the case of Encrypt-Then-MAC, practical exploitation requires the use of a CBC cipher; while theoretical integrity is broken for all ciphers when using this mode, message processing will fail at the application layer for CTR and stream ciphers.

For more details and a pre-print of the associated research paper, see [https://terrapin-attack.com](https://terrapin-attack.com). This website is not affiliated with AsyncSSH in any way.

 ### Impact

This attack targets the specification of ChaCha20-Poly1305 (chacha20-poly1305@openssh.com) and Encrypt-then-MAC (*-etm@openssh.com), which are widely adopted by well-known SSH implementations and can be considered de-facto standard. These algorithms can be practically exploited; however, in the case of Encrypt-Then-MAC, we additionally require the use of a CBC cipher. As a consequence, this attack works against all well-behaving SSH implementations supporting either of those algorithms and can be used to downgrade (but not fully strip) connection security in case SSH extension negotiation (RFC8308) is supported. The attack may also enable attackers to exploit certain implementation flaws in a man-in-the-middle (MitM) scenario.
references
0
reference_url https://github.com/ronf/asyncssh
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ronf/asyncssh
1
reference_url https://github.com/ronf/asyncssh/commit/0bc73254f41acb140187e0c89606311f88de5b7b
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ronf/asyncssh/commit/0bc73254f41acb140187e0c89606311f88de5b7b
2
reference_url https://github.com/ronf/asyncssh/commit/69f5a41b458b29367a65fe469c2b0255b5db210a
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ronf/asyncssh/commit/69f5a41b458b29367a65fe469c2b0255b5db210a
3
reference_url https://github.com/advisories/GHSA-hfmc-7525-mj55
reference_id GHSA-hfmc-7525-mj55
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hfmc-7525-mj55
4
reference_url https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55
reference_id GHSA-hfmc-7525-mj55
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55
fixed_packages
0
url pkg:pypi/asyncssh@2.14.2
purl pkg:pypi/asyncssh@2.14.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@2.14.2
aliases GHSA-hfmc-7525-mj55, GMS-2023-6499
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uqtv-u3b9-mbbb
3
url VCID-vud9-cch1-zyff
vulnerability_id VCID-vud9-cch1-zyff
summary An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation.
references
0
reference_url http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46446.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46446.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46446
reference_id
reference_type
scores
0
value 0.00421
scoring_system epss
scoring_elements 0.62008
published_at 2026-04-13T12:55:00Z
1
value 0.00421
scoring_system epss
scoring_elements 0.62029
published_at 2026-04-12T12:55:00Z
2
value 0.00421
scoring_system epss
scoring_elements 0.62051
published_at 2026-04-16T12:55:00Z
3
value 0.00421
scoring_system epss
scoring_elements 0.6204
published_at 2026-04-11T12:55:00Z
4
value 0.00421
scoring_system epss
scoring_elements 0.62019
published_at 2026-04-09T12:55:00Z
5
value 0.00421
scoring_system epss
scoring_elements 0.62002
published_at 2026-04-08T12:55:00Z
6
value 0.00421
scoring_system epss
scoring_elements 0.61952
published_at 2026-04-07T12:55:00Z
7
value 0.00421
scoring_system epss
scoring_elements 0.61982
published_at 2026-04-04T12:55:00Z
8
value 0.00421
scoring_system epss
scoring_elements 0.61951
published_at 2026-04-02T12:55:00Z
9
value 0.00421
scoring_system epss
scoring_elements 0.62056
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46446
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46446
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46446
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/asyncssh/PYSEC-2023-239.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/asyncssh/PYSEC-2023-239.yaml
5
reference_url https://github.com/ronf/asyncssh
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ronf/asyncssh
6
reference_url https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
7
reference_url https://github.com/ronf/asyncssh/commit/83e43f5ea3470a8617fc388c72b062c7136efd7e
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ronf/asyncssh/commit/83e43f5ea3470a8617fc388c72b062c7136efd7e
8
reference_url https://github.com/ronf/asyncssh/security/advisories/GHSA-c35q-ffpf-5qpm
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ronf/asyncssh/security/advisories/GHSA-c35q-ffpf-5qpm
9
reference_url https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE
11
reference_url https://security.netapp.com/advisory/ntap-20231222-0001
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231222-0001
12
reference_url https://www.terrapin-attack.com
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.terrapin-attack.com
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055999
reference_id 1055999
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055999
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2250329
reference_id 2250329
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2250329
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46446
reference_id CVE-2023-46446
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-46446
16
reference_url https://github.com/advisories/GHSA-c35q-ffpf-5qpm
reference_id GHSA-c35q-ffpf-5qpm
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-c35q-ffpf-5qpm
17
reference_url https://access.redhat.com/errata/RHSA-2025:4664
reference_id RHSA-2025:4664
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4664
18
reference_url https://usn.ubuntu.com/7108-1/
reference_id USN-7108-1
reference_type
scores
url https://usn.ubuntu.com/7108-1/
19
reference_url https://usn.ubuntu.com/7108-2/
reference_id USN-7108-2
reference_type
scores
url https://usn.ubuntu.com/7108-2/
fixed_packages
0
url pkg:pypi/asyncssh@2.14.1
purl pkg:pypi/asyncssh@2.14.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-uqtv-u3b9-mbbb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@2.14.1
aliases CVE-2023-46446, GHSA-c35q-ffpf-5qpm, PYSEC-2023-239
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vud9-cch1-zyff
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@1.5.3