PyPI package
asyncssh
pkg:pypi/asyncssh
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-46446 | — | | | < 2.14.1 | 2.14.1 | Nov 14, 2023 | An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack." |
| CVE-2023-46445 | — | | | < 2.14.1 | 2.14.1 | Nov 14, 2023 | An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Extension Negotiation." |
| CVE-2018-7749 | — | | | < 1.12.1 | 1.12.1 | Mar 12, 2018 | The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step. |