CVE-2023-48795
Public on 2023-12-18
Modified on 2024-02-05
Description
AWS is aware of CVE-2023-48795, also known as Terrapin, which is found in the SSH protocol and affects SSH channel integrity. A protocol extension has been introduced by OpenSSH which needs to be applied to both the client and the server in order to address this issue. We recommend customers update to the latest version of SSH.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| HAQM Linux 1 | erlang | Not Affected | ||
| HAQM Linux 1 | jsch | Not Affected | ||
| HAQM Linux 2 - Core | jsch | Not Affected | ||
| HAQM Linux 2023 | jsch | Not Affected | ||
| HAQM Linux 2023 | libssh | 2024-01-03 | ALAS2023-2024-468 | Fixed |
| HAQM Linux 1 | libssh2 | Not Affected | ||
| HAQM Linux 2 - Core | libssh2 | Not Affected | ||
| HAQM Linux 2023 | libssh2 | Not Affected | ||
| HAQM Linux 1 | openssh | 2023-12-18 | ALAS-2023-1898 | Fixed |
| HAQM Linux 2 - Core | openssh | 2023-12-18 | ALAS2-2023-2376 | Fixed |
| HAQM Linux 2023 | openssh | 2023-12-18 | ALAS2023-2023-462 | Fixed |
| HAQM Linux 1 | python-paramiko | Not Affected |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| HAQM Linux | CVSSv3 | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
| NVD | CVSSv3 | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |