In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.
[
{
"id": "CVE-2023-51384-04095291",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"165133495389554297912767730419079343328",
"51357999955434305010492097827526105056",
"237719418229141719700376624699526783696",
"222509662087054981858724365674461944310",
"77877875258432041824660753117188147160",
"260180419508842306242026762219675778977",
"319395782123128356350823936054264886001",
"172655592712497241375021799634740338404",
"183399105187236692764150687158924405640",
"13300799163786537476821050767830715023",
"221711053435872488017755765670535943696",
"291311572882749541789877283323457299620",
"210924518203033044114707095992339301332",
"19911762018547012148449969924601994575",
"277594480068207267620304023861492235757",
"250061180844054679988232107686823032932",
"187077904320853389933675193085424106859",
"205896619791922447934686386543737829507",
"45893456774503555158027456471775856766",
"288516979117290764510509880060259271743",
"132582832762637166722279977939824181863",
"97735314150398434170463706927390337055",
"307173292080022353125029275547071352355",
"92036182733966272299927009172134763297",
"22940543327438639525058052641308751744",
"252438227409640733494615835613228794155",
"202457347594211403788944331955161749688"
],
"threshold": 0.9
},
"target": {
"file": "ssh-agent.c"
},
"source": "https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b",
"signature_type": "Line"
},
{
"id": "CVE-2023-51384-25d81cb7",
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 950.0,
"function_hash": "175177923229075572065215605283815395961"
},
"target": {
"function": "process_request_identities",
"file": "ssh-agent.c"
},
"source": "https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b",
"signature_type": "Function"
},
{
"id": "CVE-2023-51384-344f481f",
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 2617.0,
"function_hash": "214910033270401005651023148364417079835"
},
"target": {
"function": "process_add_identity",
"file": "ssh-agent.c"
},
"source": "https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b",
"signature_type": "Function"
},
{
"id": "CVE-2023-51384-c3bcb8ae",
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 1972.0,
"function_hash": "149225205320621043989436734866009309103"
},
"target": {
"function": "process_add_smartcard_key",
"file": "ssh-agent.c"
},
"source": "https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b",
"signature_type": "Function"
}
]