CVE-2023-3603

Processing sftp server read may cause null dereference

Published: 7/21/2023 Last updated: 9/26/2024 Reserved: 7/10/2023

A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. The malicious client can request up to 4GB SFTP reads, causing allocation of up to 4GB buffers, which was not being checked for failure. This will likely crash the authenticated user's sftp server connection (if implemented as forking as recommended). For thread-based servers, this might also cause DoS for legitimate users. Given this code is not in any released versions, no security releases have been issued.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	3.1	Low	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

Opam packages affected (1)

libssh

Products affected (6)

Product	Vendor	Version
Red Hat Enterprise Linux 7	Red Hat	<= 5.4.*
Red Hat Enterprise Linux 8	Red Hat	< 02228f6aa6a64d588bc31e3267d05ff184d772eb
Red Hat Enterprise Linux 9	Red Hat	<= 5.10.*
Fedora	Fedora	2.6.12
libssh	n/a	< ad1336274f733a7cb1f87b5c5908165a2c14df53
libssh	n/a	<= <= 5.4.5

References (8)

Credits (2)

Upstream acknowledges Wei Chong Tan as the original reporter.
Upstream acknowledges Wei Chong Tan as the original reporter.