Search for vulnerabilities
Vulnerability details: VCID-5tuj-y5yx-aaar
Vulnerability ID VCID-5tuj-y5yx-aaar
Aliases GHSA-hfmc-7525-mj55
GMS-2023-6499
Summary AsyncSSH vulnerable to Prefix Truncation Attack (a.k.a. Terrapin Attack) against ChaCha20-Poly1305 and Encrypt-then-MAC
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-345 Insufficient Verification of Data Authenticity
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-hfmc-7525-mj55
cvssv3.1 8.1 https://github.com/ronf/asyncssh
generic_textual HIGH https://github.com/ronf/asyncssh
cvssv3.1 5.9 https://github.com/ronf/asyncssh/commit/0bc73254f41acb140187e0c89606311f88de5b7b
generic_textual MODERATE https://github.com/ronf/asyncssh/commit/0bc73254f41acb140187e0c89606311f88de5b7b
cvssv3.1 5.9 https://github.com/ronf/asyncssh/commit/69f5a41b458b29367a65fe469c2b0255b5db210a
generic_textual MODERATE https://github.com/ronf/asyncssh/commit/69f5a41b458b29367a65fe469c2b0255b5db210a
cvssv3.1_qr MODERATE https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55
Reference id Reference type URL
https://github.com/ronf/asyncssh
https://github.com/ronf/asyncssh/commit/0bc73254f41acb140187e0c89606311f88de5b7b
https://github.com/ronf/asyncssh/commit/69f5a41b458b29367a65fe469c2b0255b5db210a
GHSA-hfmc-7525-mj55 https://github.com/advisories/GHSA-hfmc-7525-mj55
GHSA-hfmc-7525-mj55 https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/ronf/asyncssh
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/ronf/asyncssh/commit/0bc73254f41acb140187e0c89606311f88de5b7b
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/ronf/asyncssh/commit/69f5a41b458b29367a65fe469c2b0255b5db210a
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2024-01-03T17:43:39.539444+00:00 GHSA Importer Import https://github.com/advisories/GHSA-hfmc-7525-mj55 34.0.0rc1