data/reports/GO-2023-2402.yaml - vulndb - Git at Google

 id: GO-2023-2402
 modules:
     - module: golang.org/x/crypto
       versions:
         - fixed: 0.17.0
       vulnerable_at: 0.16.0
       packages:
         - package: golang.org/x/crypto/ssh
           symbols:
             - handshakeTransport.readLoop
             - handshakeTransport.sendKexInit
             - handshakeTransport.enterKeyExchange
             - transport.readPacket
             - connectionState.readPacket
             - transport.writePacket
             - connectionState.writePacket
           derived_symbols:
             - Client.Dial
             - Client.DialContext
             - Client.DialTCP
             - Client.Listen
             - Client.ListenTCP
             - Client.ListenUnix
             - Client.NewSession
             - Dial
             - DiscardRequests
             - NewClient
             - NewClientConn
             - NewServerConn
             - Request.Reply
             - Session.Close
             - Session.CombinedOutput
             - Session.Output
             - Session.RequestPty
             - Session.RequestSubsystem
             - Session.Run
             - Session.SendRequest
             - Session.Setenv
             - Session.Shell
             - Session.Signal
             - Session.Start
             - Session.WindowChange
             - channel.Accept
             - channel.Close
             - channel.CloseWrite
             - channel.Read
             - channel.ReadExtended
             - channel.Reject
             - channel.SendRequest
             - channel.Write
             - channel.WriteExtended
             - curve25519sha256.Client
             - curve25519sha256.Server
             - dhGEXSHA.Client
             - dhGEXSHA.Server
             - dhGroup.Client
             - dhGroup.Server
             - ecdh.Client
             - ecdh.Server
             - extChannel.Read
             - extChannel.Write
             - mux.OpenChannel
             - mux.SendRequest
             - sessionStdin.Close
             - sshClientKeyboardInteractive.Challenge
             - tcpListener.Accept
             - tcpListener.Close
             - unixListener.Accept
             - unixListener.Close
 summary: |-
     Man-in-the-middle attacker can compromise integrity of secure channel in
     golang.org/x/crypto
 description: |-
     A protocol weakness allows a MITM attacker to compromise the integrity of the
     secure channel before it is established, allowing the attacker to prevent
     transmission of a number of messages immediately after the secure channel is
     established without either side being aware.

     The impact of this attack is relatively limited, as it does not compromise
     confidentiality of the channel. Notably this attack would allow an attacker to
     prevent the transmission of the SSH2_MSG_EXT_INFO message, disabling a handful
     of newer security features.

     This protocol weakness was also fixed in OpenSSH 9.6.
 cves:
     - CVE-2023-48795
 ghsas:
     - GHSA-45x7-px36-x8w8
 credits:
     - Fabian Bäumer (Ruhr University Bochum)
     - Marcus Brinkmann (Ruhr University Bochum)
     - Jörg Schwenk (Ruhr University Bochum)
 references:
     - report: https://go.dev/issue/64784
     - fix: https://go.dev/cl/550715
     - fix: https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d
     - web: https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg
     - web: https://www.openssh.com/txt/release-9.6
	id: GO-2023-2402
	modules:
	- module: golang.org/x/crypto
	versions:
	- fixed: 0.17.0
	vulnerable_at: 0.16.0
	packages:
	- package: golang.org/x/crypto/ssh
	symbols:
	- handshakeTransport.readLoop
	- handshakeTransport.sendKexInit
	- handshakeTransport.enterKeyExchange
	- transport.readPacket
	- connectionState.readPacket
	- transport.writePacket
	- connectionState.writePacket
	derived_symbols:
	- Client.Dial
	- Client.DialContext
	- Client.DialTCP
	- Client.Listen
	- Client.ListenTCP
	- Client.ListenUnix
	- Client.NewSession
	- Dial
	- DiscardRequests
	- NewClient
	- NewClientConn
	- NewServerConn
	- Request.Reply
	- Session.Close
	- Session.CombinedOutput
	- Session.Output
	- Session.RequestPty
	- Session.RequestSubsystem
	- Session.Run
	- Session.SendRequest
	- Session.Setenv
	- Session.Shell
	- Session.Signal
	- Session.Start
	- Session.WindowChange
	- channel.Accept
	- channel.Close
	- channel.CloseWrite
	- channel.Read
	- channel.ReadExtended
	- channel.Reject
	- channel.SendRequest
	- channel.Write
	- channel.WriteExtended
	- curve25519sha256.Client
	- curve25519sha256.Server
	- dhGEXSHA.Client
	- dhGEXSHA.Server
	- dhGroup.Client
	- dhGroup.Server
	- ecdh.Client
	- ecdh.Server
	- extChannel.Read
	- extChannel.Write
	- mux.OpenChannel
	- mux.SendRequest
	- sessionStdin.Close
	- sshClientKeyboardInteractive.Challenge
	- tcpListener.Accept
	- tcpListener.Close
	- unixListener.Accept
	- unixListener.Close
	summary: \|-
	Man-in-the-middle attacker can compromise integrity of secure channel in
	golang.org/x/crypto
	description: \|-
	A protocol weakness allows a MITM attacker to compromise the integrity of the
	secure channel before it is established, allowing the attacker to prevent
	transmission of a number of messages immediately after the secure channel is
	established without either side being aware.

	The impact of this attack is relatively limited, as it does not compromise
	confidentiality of the channel. Notably this attack would allow an attacker to
	prevent the transmission of the SSH2_MSG_EXT_INFO message, disabling a handful
	of newer security features.

	This protocol weakness was also fixed in OpenSSH 9.6.
	cves:
	- CVE-2023-48795
	ghsas:
	- GHSA-45x7-px36-x8w8
	credits:
	- Fabian Bäumer (Ruhr University Bochum)
	- Marcus Brinkmann (Ruhr University Bochum)
	- Jörg Schwenk (Ruhr University Bochum)
	references:
	- report: https://go.dev/issue/64784
	- fix: https://go.dev/cl/550715
	- fix: https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d
	- web: https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg
	- web: https://www.openssh.com/txt/release-9.6