CVE-2023-48795
Public on 2023-12-18
Modified on 2024-02-05
Description
AWS is aware of CVE-2023-48795, also known as Terrapin, which is found in the SSH protocol and affects SSH channel integrity. A protocol extension has been introduced by OpenSSH which needs to be applied to both the client and the server in order to address this issue. We recommend customers update to the latest version of SSH.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | erlang | Not Affected | ||
| Amazon Linux 1 | jsch | Not Affected | ||
| Amazon Linux 2 - Core | jsch | Not Affected | ||
| Amazon Linux 2023 | jsch | Not Affected | ||
| Amazon Linux 2023 | libssh | 2024-01-03 | ALAS2023-2024-468 | Fixed |
| Amazon Linux 1 | libssh2 | Not Affected | ||
| Amazon Linux 2 - Core | libssh2 | Not Affected | ||
| Amazon Linux 2023 | libssh2 | Not Affected | ||
| Amazon Linux 1 | openssh | 2023-12-18 | ALAS-2023-1898 | Fixed |
| Amazon Linux 2 - Core | openssh | 2023-12-18 | ALAS2-2023-2376 | Fixed |
| Amazon Linux 2023 | openssh | 2023-12-18 | ALAS2023-2023-462 | Fixed |
| Amazon Linux 1 | python-paramiko | Not Affected |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
| NVD | CVSSv3 | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |