CVE-2023-6004

Libssh: proxycommand/proxyjump features allow injection of malicious code through hostname

Published: 1/3/2024 Last updated: 11/7/2025 Reserved: 11/7/2023

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	4.8	Medium	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Version

Score

Severity

Vector String

3.1

4.8

Medium

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Opam packages affected (1)

libssh

Products affected (9)

Product	Vendor	Version
Red Hat Enterprise Linux 8	Red Hat	n/a
Red Hat Enterprise Linux 8	Red Hat	<= 5.10.*
Red Hat Enterprise Linux 9	Red Hat	<= 5.15.*
Red Hat Enterprise Linux 9	Red Hat	<= 5.12.*
Red Hat Enterprise Linux 7	Red Hat	<= 6.1.*
Red Hat Enterprise Linux 8	Red Hat	n/a
Red Hat Enterprise Linux 9	Red Hat	< unspecified
Red Hat Enterprise Linux 9	Red Hat	3.14.2S
Red Hat Enterprise Linux 7	Red Hat	< 8.5.0

Credits (2)

Red Hat would like to thank Norbert Pocs (libssh) and vinci@protonmail.ch for reporting this issue.
Red Hat would like to thank Norbert Pocs (libssh) and vinci@protonmail.ch for reporting this issue.

Libssh: proxycommand/proxyjump features allow injection of malicious code through hostname

Metrics

Opam packages affected (1)

Products affected (9)

References (26)

Credits (2)