{"id":"CVE-2023-51384","details":"In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.","modified":"2026-04-16T04:43:10.223170990Z","published":"2023-12-18T19:15:08.720Z","references":[{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5586"},{"type":"ADVISORY","url":"https://www.openssh.com/txt/release-9.6"},{"type":"ADVISORY","url":"https://www.openwall.com/lists/oss-security/2023/12/18/2"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2024/Mar/21"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240105-0005/"},{"type":"ADVISORY","url":"https://support.apple.com/kb/HT214084"},{"type":"FIX","url":"https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openssh/openssh-portable","events":[{"introduced":"166456cedad3962b83b848b1e9caf80794831f0f"},{"fixed":"8241b9c0529228b4b86d88b1a6076fb9f97e4a99"},{"fixed":"881d9c6af9da4257c69c327c4e2f1508b2fa754b"}],"database_specific":{"versions":[{"introduced":"8.9"},{"fixed":"9.6"}]}}],"versions":["V_8_9_P1","V_9_0_P1","V_9_1_P1","V_9_2_P1","V_9_3_P1","V_9_5_P1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-51384.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"11.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.0"}]}],"vanir_signatures":[{"id":"CVE-2023-51384-04095291","digest":{"threshold":0.9,"line_hashes":["165133495389554297912767730419079343328","51357999955434305010492097827526105056","237719418229141719700376624699526783696","222509662087054981858724365674461944310","77877875258432041824660753117188147160","260180419508842306242026762219675778977","319395782123128356350823936054264886001","172655592712497241375021799634740338404","183399105187236692764150687158924405640","13300799163786537476821050767830715023","221711053435872488017755765670535943696","291311572882749541789877283323457299620","210924518203033044114707095992339301332","19911762018547012148449969924601994575","277594480068207267620304023861492235757","250061180844054679988232107686823032932","187077904320853389933675193085424106859","205896619791922447934686386543737829507","45893456774503555158027456471775856766","288516979117290764510509880060259271743","132582832762637166722279977939824181863","97735314150398434170463706927390337055","307173292080022353125029275547071352355","92036182733966272299927009172134763297","22940543327438639525058052641308751744","252438227409640733494615835613228794155","202457347594211403788944331955161749688"]},"deprecated":false,"target":{"file":"ssh-agent.c"},"source":"https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b","signature_version":"v1","signature_type":"Line"},{"id":"CVE-2023-51384-25d81cb7","digest":{"function_hash":"175177923229075572065215605283815395961","length":950},"deprecated":false,"target":{"function":"process_request_identities","file":"ssh-agent.c"},"source":"https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b","signature_version":"v1","signature_type":"Function"},{"id":"CVE-2023-51384-344f481f","source":"https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b","deprecated":false,"target":{"file":"ssh-agent.c","function":"process_add_identity"},"signature_type":"Function","signature_version":"v1","digest":{"function_hash":"214910033270401005651023148364417079835","length":2617}},{"id":"CVE-2023-51384-c3bcb8ae","signature_type":"Function","deprecated":false,"target":{"function":"process_add_smartcard_key","file":"ssh-agent.c"},"digest":{"function_hash":"149225205320621043989436734866009309103","length":1972},"signature_version":"v1","source":"https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b"}],"vanir_signatures_modified":"2026-04-12T06:44:57Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}