CVE-2023-6004

Libssh: proxycommand/proxyjump features allow injection of malicious code through hostname

Published: 1/3/2024 Last updated: 6/17/2025 Reserved: 11/7/2023

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	4.8	Medium	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Opam packages affected (1)

libssh

Products affected (5)

Product	Vendor	Version
Red Hat Enterprise Linux 8	Red Hat	QCM8550
Red Hat Enterprise Linux 8	Red Hat	SG8275P
Red Hat Enterprise Linux 9	Red Hat	QCN6132
Red Hat Enterprise Linux 9	Red Hat	Snapdragon 8 Gen 2 Mobile Platform
Red Hat Enterprise Linux 7	Red Hat	WCD9385

References (12)

Credits (1)

Red Hat would like to thank Norbert Pocs (libssh) and vinci@protonmail.ch for reporting this issue.