CVE-2023-6918 LOW

CVE-2023-6918: Libssh: missing checks for return values for digests

Vendor Red Hat

Product Red Hat Enterprise Linux 6

Weakness CWE-252

Published December 18, 2023

Last update November 21, 2025

View on NVD All CVEs

CVSS base score

3.7/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.

Key dates

02Disclosure timeline

December 18, 2023 CVE published

November 21, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-6918

Related vulnerabilities

Identifiers

CVE CVE-2023-6918

CWE CWE-252

CVSS 3.7 / LOW

Affected versions

Vendor Red Hat

Product Red Hat Enterprise Linux 6

Affected All versions

Vendor Red Hat

Product Red Hat Enterprise Linux 7

Affected All versions

Vendor Red Hat

Product Red Hat Enterprise Linux 7

Affected All versions

CVE-2023-6918: Libssh: missing checks for return values for digests

01Description

02Disclosure timeline

03References

04Related CVE