CVE-2023-3603

Processing sftp server read may cause null dereference

Published: 7/21/2023 Last updated: 9/26/2024 Reserved: 7/10/2023

A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. The malicious client can request up to 4GB SFTP reads, causing allocation of up to 4GB buffers, which was not being checked for failure. This will likely crash the authenticated user's sftp server connection (if implemented as forking as recommended). For thread-based servers, this might also cause DoS for legitimate users. Given this code is not in any released versions, no security releases have been issued.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	3.1	Low	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

Opam packages affected (1)

libssh

Products affected (4)

Product	Vendor	Version
Red Hat Enterprise Linux 8	Red Hat	< 29b83a64df3b42c88c0338696feb6fdcd7f1f3b7
Extra Packages for Enterprise Linux 7	Fedora	SD855
Fedora	Fedora	5.2.3.1
libssh	n/a	SA8195P

References (4)

Credits (1)

Upstream acknowledges Wei Chong Tan as the original reporter.