data/reports: add GO-2023-2402.yaml

Aliases: CVE-2023-48795

Fixes golang/vulndb#2402

Change-Id: I71e055983c9ac360c51dcf919596fa678c375fc5
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/550858
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
diff --git a/data/osv/GO-2023-2402.json b/data/osv/GO-2023-2402.json
new file mode 100644
index 0000000..05c0c1b
--- /dev/null
+++ b/data/osv/GO-2023-2402.json
@@ -0,0 +1,128 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2023-2402",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2023-48795"
+  ],
+  "summary": "Man-in-the-middle attacker can compromise integrity of secure channel in golang.org/x/crypto",
+  "details": "A protocol weakness allows a MITM attacker to compromise the integrity of the secure channel before it is established, allowing the attacker to prevent transmission of a number of messages immediately after the secure channel is established without either side being aware.\n\nThe impact of this attack is relatively limited, as it does not compromise confidentiality of the channel. Notably this attack would allow an attacker to prevent the transmission of the SSH2_MSG_EXT_INFO message, disabling a handful of newer security features.\n\nThis protocol weakness was also fixed in OpenSSH 9.6.",
+  "affected": [
+    {
+      "package": {
+        "name": "golang.org/x/crypto",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "0.17.0"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {
+        "imports": [
+          {
+            "path": "golang.org/x/crypto/ssh",
+            "symbols": [
+              "Client.Dial",
+              "Client.DialContext",
+              "Client.DialTCP",
+              "Client.Listen",
+              "Client.ListenTCP",
+              "Client.ListenUnix",
+              "Client.NewSession",
+              "Dial",
+              "DiscardRequests",
+              "NewClient",
+              "NewClientConn",
+              "NewServerConn",
+              "Request.Reply",
+              "Session.Close",
+              "Session.CombinedOutput",
+              "Session.Output",
+              "Session.RequestPty",
+              "Session.RequestSubsystem",
+              "Session.Run",
+              "Session.SendRequest",
+              "Session.Setenv",
+              "Session.Shell",
+              "Session.Signal",
+              "Session.Start",
+              "Session.WindowChange",
+              "channel.Accept",
+              "channel.Close",
+              "channel.CloseWrite",
+              "channel.Read",
+              "channel.ReadExtended",
+              "channel.Reject",
+              "channel.SendRequest",
+              "channel.Write",
+              "channel.WriteExtended",
+              "connectionState.readPacket",
+              "connectionState.writePacket",
+              "extChannel.Read",
+              "extChannel.Write",
+              "handshakeTransport.enterKeyExchange",
+              "handshakeTransport.readLoop",
+              "handshakeTransport.sendKexInit",
+              "mux.OpenChannel",
+              "mux.SendRequest",
+              "sessionStdin.Close",
+              "sshClientKeyboardInteractive.Challenge",
+              "tcpListener.Accept",
+              "tcpListener.Close",
+              "transport.readPacket",
+              "transport.writePacket",
+              "unixListener.Accept",
+              "unixListener.Close"
+            ]
+          }
+        ]
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "REPORT",
+      "url": "https://go.dev/issue/64784"
+    },
+    {
+      "type": "FIX",
+      "url": "https://go.dev/cl/550715"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d"
+    },
+    {
+      "type": "WEB",
+      "url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.openssh.com/txt/release-9.6"
+    }
+  ],
+  "credits": [
+    {
+      "name": "Fabian Bäumer (Ruhr University Bochum)"
+    },
+    {
+      "name": "Marcus Brinkmann (Ruhr University Bochum)"
+    },
+    {
+      "name": "Jörg Schwenk (Ruhr University Bochum)"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2023-2402"
+  }
+}
\ No newline at end of file
diff --git a/data/reports/GO-2023-2402.yaml b/data/reports/GO-2023-2402.yaml
new file mode 100644
index 0000000..c83ee2c
--- /dev/null
+++ b/data/reports/GO-2023-2402.yaml
@@ -0,0 +1,88 @@
+id: GO-2023-2402
+modules:
+    - module: golang.org/x/crypto
+      versions:
+        - fixed: 0.17.0
+      vulnerable_at: 0.16.0
+      packages:
+        - package: golang.org/x/crypto/ssh
+          symbols:
+            - handshakeTransport.readLoop
+            - handshakeTransport.sendKexInit
+            - handshakeTransport.enterKeyExchange
+            - transport.readPacket
+            - connectionState.readPacket
+            - transport.writePacket
+            - connectionState.writePacket
+          derived_symbols:
+            - Client.Dial
+            - Client.DialContext
+            - Client.DialTCP
+            - Client.Listen
+            - Client.ListenTCP
+            - Client.ListenUnix
+            - Client.NewSession
+            - Dial
+            - DiscardRequests
+            - NewClient
+            - NewClientConn
+            - NewServerConn
+            - Request.Reply
+            - Session.Close
+            - Session.CombinedOutput
+            - Session.Output
+            - Session.RequestPty
+            - Session.RequestSubsystem
+            - Session.Run
+            - Session.SendRequest
+            - Session.Setenv
+            - Session.Shell
+            - Session.Signal
+            - Session.Start
+            - Session.WindowChange
+            - channel.Accept
+            - channel.Close
+            - channel.CloseWrite
+            - channel.Read
+            - channel.ReadExtended
+            - channel.Reject
+            - channel.SendRequest
+            - channel.Write
+            - channel.WriteExtended
+            - extChannel.Read
+            - extChannel.Write
+            - mux.OpenChannel
+            - mux.SendRequest
+            - sessionStdin.Close
+            - sshClientKeyboardInteractive.Challenge
+            - tcpListener.Accept
+            - tcpListener.Close
+            - unixListener.Accept
+            - unixListener.Close
+summary: |-
+    Man-in-the-middle attacker can compromise integrity of secure channel in
+    golang.org/x/crypto
+description: |-
+    A protocol weakness allows a MITM attacker to compromise the integrity of the
+    secure channel before it is established, allowing the attacker to prevent
+    transmission of a number of messages immediately after the secure channel is
+    established without either side being aware.
+
+    The impact of this attack is relatively limited, as it does not compromise
+    confidentiality of the channel. Notably this attack would allow an attacker to
+    prevent the transmission of the SSH2_MSG_EXT_INFO message, disabling a handful
+    of newer security features.
+
+    This protocol weakness was also fixed in OpenSSH 9.6.
+cves:
+    - CVE-2023-48795
+credits:
+    - Fabian Bäumer (Ruhr University Bochum)
+    - Marcus Brinkmann (Ruhr University Bochum)
+    - Jörg Schwenk (Ruhr University Bochum)
+references:
+    - report: https://go.dev/issue/64784
+    - fix: https://go.dev/cl/550715
+    - fix: https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d
+    - web: https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg
+    - web: https://www.openssh.com/txt/release-9.6
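Review bot: The `description` block states that the weakness is fixed but does not tell a consumer when upgrading to 0.17.0 actually protects a connection. As far as I can tell from the referenced OpenSSH 9.6 release notes, the countermeasure is a strict key exchange extension that only takes effect when both peers negotiate it, so a patched Go endpoint talking to an unpatched peer would remain exposed. This should be confirmed against the fix CL. If it holds, add a sentence such as `The fix is only effective when both the client and the server support the strict key exchange extension.` so that scanner users do not treat a one-sided upgrade as full remediation.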