PyPI package
asyncssh
pkg:pypi/asyncssh
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-46446 | Med | 6.8 | < 2.14.1 | 2.14.1 | Nov 14, 2023 | An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack." | |
| CVE-2023-46445 | Med | 5.9 | < 2.14.1 | 2.14.1 | Nov 14, 2023 | An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Extension Negotiation." | |
| CVE-2018-7749 | Cri | 9.8 | < 1.12.1 | 1.12.1 | Mar 12, 2018 | The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step. |
- affected < 2.14.1fixed 2.14.1
An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."
- affected < 2.14.1fixed 2.14.1
An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Extension Negotiation."
- affected < 1.12.1fixed 1.12.1
The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step.