data/reports/GO-2023-2402.yaml

id: GO-2023-2402
modules:
    - module: golang.org/x/crypto
      versions:
        - fixed: 0.17.0
      vulnerable_at: 0.16.0
      packages:
        - package: golang.org/x/crypto/ssh
          symbols:
            - handshakeTransport.readLoop
            - handshakeTransport.sendKexInit
            - handshakeTransport.enterKeyExchange
            - transport.readPacket
            - connectionState.readPacket
            - transport.writePacket
            - connectionState.writePacket
          derived_symbols:
            - Client.Dial
            - Client.DialContext
            - Client.DialTCP
            - Client.Listen
            - Client.ListenTCP
            - Client.ListenUnix
            - Client.NewSession
            - Dial
            - DiscardRequests
            - NewClient
            - NewClientConn
            - NewServerConn
            - Request.Reply
            - Session.Close
            - Session.CombinedOutput
            - Session.Output
            - Session.RequestPty
            - Session.RequestSubsystem
            - Session.Run
            - Session.SendRequest
            - Session.Setenv
            - Session.Shell
            - Session.Signal
            - Session.Start
            - Session.WindowChange
            - channel.Accept
            - channel.Close
            - channel.CloseWrite
            - channel.Read
            - channel.ReadExtended
            - channel.Reject
            - channel.SendRequest
            - channel.Write
            - channel.WriteExtended
            - curve25519sha256.Client
            - curve25519sha256.Server
            - dhGEXSHA.Client
            - dhGEXSHA.Server
            - dhGroup.Client
            - dhGroup.Server
            - ecdh.Client
            - ecdh.Server
            - extChannel.Read
            - extChannel.Write
            - mux.OpenChannel
            - mux.SendRequest
            - sessionStdin.Close
            - sshClientKeyboardInteractive.Challenge
            - tcpListener.Accept
            - tcpListener.Close
            - unixListener.Accept
            - unixListener.Close
summary: |-
    Man-in-the-middle attacker can compromise integrity of secure channel in
    golang.org/x/crypto
description: |-
    A protocol weakness allows a MITM attacker to compromise the integrity of the
    secure channel before it is established, allowing the attacker to prevent
    transmission of a number of messages immediately after the secure channel is
    established without either side being aware.

    The impact of this attack is relatively limited, as it does not compromise
    confidentiality of the channel. Notably this attack would allow an attacker to
    prevent the transmission of the SSH2_MSG_EXT_INFO message, disabling a handful
    of newer security features.

    This protocol weakness was also fixed in OpenSSH 9.6.
cves:
    - CVE-2023-48795
ghsas:
    - GHSA-45x7-px36-x8w8
credits:
    - Fabian Bäumer (Ruhr University Bochum)
    - Marcus Brinkmann (Ruhr University Bochum)
    - Jörg Schwenk (Ruhr University Bochum)
references:
    - report: https://go.dev/issue/64784
    - fix: https://go.dev/cl/550715
    - fix: https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d
    - web: https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg
    - web: https://www.openssh.com/txt/release-9.6
review_status: REVIEWED