VYPR
Medium severity5.3NVD Advisory· Published Apr 3, 2024· Updated Jun 17, 2026

CVE-2023-35812

CVE-2023-35812

Description

An issue was discovered in the Amazon Linux packages of OpenSSH 7.4 for Amazon Linux 1 and 2, because of an incomplete fix for CVE-2019-6111 within these specific packages. The fix had only covered cases where an absolute path is passed to scp. When a relative path is used, there is no verification that the name of a file received by the client matches the file requested. Fixed packages are available with numbers 7.4p1-22.78.amzn1 and 7.4p1-22.amzn2.0.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1
  • Amazon/OpenSSHllm-create
    Range: 7.4p1-22.78.amzn1, 7.4p1-22.amzn2.0.2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.