A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.

Related CVEs

CVE-2023-6918

Key Information

GHSA ID

GHSA-gpcj-wh2f-rr23

Published

December 19, 2023 12:30 AM

Last Modified

February 15, 2025 3:31 AM

CVSS Score

2.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: June 18, 2025 6:25 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.