CVE-2023-6004
- Source
- https://cve.org/CVERecord?id=CVE-2023-6004
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6004.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-6004
- Downstream
- Related
- Published
- 2024-01-03T17:15:11.623Z
- Modified
- 2026-02-19T08:38:28.281820Z
- Severity
-
- 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L CVSS Calculator
- Summary
- [none]
- Details
-
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.
- References
-
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/
- https://access.redhat.com/errata/RHSA-2024:2504
- https://access.redhat.com/errata/RHSA-2024:3233
- https://access.redhat.com/security/cve/CVE-2023-6004
- https://security.netapp.com/advisory/ntap-20240223-0004/
- https://bugzilla.redhat.com/show_bug.cgi?id=2251110
- https://www.libssh.org/security/advisories/CVE-2023-6004.txt
Affected packages
Git
gitlab.com/gnutls/gnutls
Affected versions
Other
gnutls_0_8_0
gnutls_0_8_1
gnutls_0_9_1
gnutls_0_9_2
gnutls_0_9_3
gnutls_0_9_4
gnutls_0_9_5
gnutls_0_9_6
gnutls_0_9_7
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6004.json"
vanir_signatures
[
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"105020232624571213872617437355755845843",
"60875719106959512256813781522930747288",
"321363280934594549417048919108883560564",
"161096081384501233154930478121314962415",
"98251758748252602723564205549248155193",
"124717638101039490461520916464619521387",
"137640783227126349539123911209566393926",
"63597673358889205730475102939396038204",
"83126905843981719919274337002824306248",
"56355404582531666274916906159999312046",
"192719743862157628172342583985360725161",
"36734615661910954435918622099739011458",
"285843993617234679851899095490354254256",
"101138953478094892209734814079864525935",
"315778772943783154580951715928607462250",
"19702013856048866418315901810349680256"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2023-6004-bafffe88",
"source": "https://gitlab.com/gnutls/gnutls@2ce3818a2591e2bd914469f0eb6cd86e276f6adb",
"target": {
"file": "src/cli.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"87752413676401501434732164686283579550",
"270828585655108438000936049377264988642",
"288139412651394699802032549788184580089",
"298172903532849595452581369406605041953",
"185763756967697092665233456644911840548",
"70217696924517152717106609181530370153",
"40938362738608472793207974858478141465",
"43764262692403954540032412384938480645",
"251013063090910152994704843677499362798",
"13508086898590933900076415713246955939",
"155018384467131482070614760856069314085",
"191588348399786835296209304125580658187",
"244377375783748101790643448231572585787",
"144398335645644886466274207589551060721",
"307666618902319813392680699721002645161",
"228281584721370932245474351360255635476"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2023-6004-cb7d0b3d",
"source": "https://gitlab.com/gnutls/gnutls@2ce3818a2591e2bd914469f0eb6cd86e276f6adb",
"target": {
"file": "src/serv.c"
}
}
]