Vulnerability details: VCID-s7uw-9yv3-yycq
Vulnerability ID VCID-s7uw-9yv3-yycq
Aliases CVE-2023-46446
GHSA-c35q-ffpf-5qpm
PYSEC-2023-239
Summary An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
cvssv3.1 8.1 http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
generic_textual HIGH http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
cvssv3 6.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46446.json
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-46446
cvssv3.1 8.1 https://github.com/advisories/GHSA-c35q-ffpf-5qpm
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-c35q-ffpf-5qpm
generic_textual HIGH https://github.com/advisories/GHSA-c35q-ffpf-5qpm
cvssv3.1 8.1 https://github.com/pypa/advisory-database/tree/main/vulns/asyncssh/PYSEC-2023-239.yaml
generic_textual HIGH https://github.com/pypa/advisory-database/tree/main/vulns/asyncssh/PYSEC-2023-239.yaml
cvssv3.1 8.1 https://github.com/ronf/asyncssh
generic_textual HIGH https://github.com/ronf/asyncssh
cvssv3.1 8.1 https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
generic_textual HIGH https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
cvssv3.1 8.1 https://github.com/ronf/asyncssh/commit/83e43f5ea3470a8617fc388c72b062c7136efd7e
generic_textual HIGH https://github.com/ronf/asyncssh/commit/83e43f5ea3470a8617fc388c72b062c7136efd7e
cvssv3.1 6.8 https://github.com/ronf/asyncssh/security/advisories/GHSA-c35q-ffpf-5qpm
cvssv3.1 8.1 https://github.com/ronf/asyncssh/security/advisories/GHSA-c35q-ffpf-5qpm
cvssv3.1_qr HIGH https://github.com/ronf/asyncssh/security/advisories/GHSA-c35q-ffpf-5qpm
generic_textual HIGH https://github.com/ronf/asyncssh/security/advisories/GHSA-c35q-ffpf-5qpm
cvssv3.1 8.1 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE
cvssv3.1 6.8 https://nvd.nist.gov/vuln/detail/CVE-2023-46446
cvssv3.1 8.1 https://nvd.nist.gov/vuln/detail/CVE-2023-46446
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2023-46446
cvssv3.1 8.1 https://security.netapp.com/advisory/ntap-20231222-0001
generic_textual HIGH https://security.netapp.com/advisory/ntap-20231222-0001
cvssv3.1 8.1 https://www.terrapin-attack.com
generic_textual HIGH https://www.terrapin-attack.com
Reference id Reference type URL
http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46446.json
https://api.first.org/data/v1/epss?cve=CVE-2023-46446
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46446
https://github.com/advisories/GHSA-c35q-ffpf-5qpm
https://github.com/pypa/advisory-database/tree/main/vulns/asyncssh/PYSEC-2023-239.yaml
https://github.com/ronf/asyncssh
https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
https://github.com/ronf/asyncssh/commit/83e43f5ea3470a8617fc388c72b062c7136efd7e
https://github.com/ronf/asyncssh/security/advisories/GHSA-c35q-ffpf-5qpm
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE/
https://nvd.nist.gov/vuln/detail/CVE-2023-46446
https://security.netapp.com/advisory/ntap-20231222-0001
https://security.netapp.com/advisory/ntap-20231222-0001/
https://www.terrapin-attack.com
1055999 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055999
2250329 https://bugzilla.redhat.com/show_bug.cgi?id=2250329
cpe:2.3:a:asyncssh_project:asyncssh:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asyncssh_project:asyncssh:*:*:*:*:*:*:*:*
RHSA-2025:4664 https://access.redhat.com/errata/RHSA-2025:4664
USN-7108-1 https://usn.ubuntu.com/7108-1/
USN-7108-2 https://usn.ubuntu.com/7108-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46446.json
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/advisories/GHSA-c35q-ffpf-5qpm
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/asyncssh/PYSEC-2023-239.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/ronf/asyncssh
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/ronf/asyncssh/commit/83e43f5ea3470a8617fc388c72b062c7136efd7e
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/ronf/asyncssh/security/advisories/GHSA-c35q-ffpf-5qpm
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/ronf/asyncssh/security/advisories/GHSA-c35q-ffpf-5qpm
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-46446
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-46446
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://security.netapp.com/advisory/ntap-20231222-0001
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://www.terrapin-attack.com
Exploit Prediction Scoring System (EPSS)
Percentile 0.5968
EPSS Score 0.00397
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:24:05.668417+00:00 Pypa Importer Import https://github.com/pypa/advisory-database/blob/main/vulns/asyncssh/PYSEC-2023-239.yaml 37.0.0