CVE-2023-46445
CVSS Score
5.9
EPSS Score
0.0%
EPSS Percentile
0th
An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Extension Negotiation."
| Vendor | n/a |
| Product | n/a |
| Published | Nov 14, 2023 |
| Last Updated | Feb 25, 2026 |
Stay Ahead of the Next One
Get instant alerts for n/a n/a
Be the first to know when new medium vulnerabilities affecting n/a n/a are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
n/a / n/a
n/a
References
github.com: https://github.com/ronf/asyncssh/security/advisories/GHSA-cfc2-wr2v-gxm5 lists.fedoraproject.org: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE/ terrapin-attack.com: https://www.terrapin-attack.com github.com: https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst github.com: https://github.com/advisories/GHSA-cfc2-wr2v-gxm5 packetstormsecurity.com: http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html security.netapp.com: https://security.netapp.com/advisory/ntap-20231222-0001/ lists.debian.org: https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html