{"id":"USN-7108-1","summary":"python-asyncssh vulnerabilities","details":"Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that AsyncSSH\ndid not properly handle the extension info message. An attacker able to\nintercept communications could possibly use this issue to downgrade\nthe algorithm used for client authentication. (CVE-2023-46445)\n\nFabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that AsyncSSH\ndid not properly handle the user authentication request message. An\nattacker could possibly use this issue to control the remote end of an SSH\nclient session via packet injection/removal and shell emulation.\n(CVE-2023-46446)\n","modified":"2026-04-24T09:54:02.484085Z","published":"2024-11-18T05:27:15Z","related":["UBUNTU-CVE-2023-46445","UBUNTU-CVE-2023-46446"],"upstream":["CVE-2023-46445","CVE-2023-46446","UBUNTU-CVE-2023-46445","UBUNTU-CVE-2023-46446"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7108-1"}],"affected":[{"package":{"name":"python-asyncssh","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/python-asyncssh@1.12.2-1ubuntu0.2?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.12.2-1ubuntu0.2"}]}],"versions":["1.12.2-1","1.12.2-1ubuntu0.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"python3-asyncssh","binary_version":"1.12.2-1ubuntu0.2"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:20.04:LTS","cves":[]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7108-1.json"}},{"package":{"name":"python-asyncssh","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/python-asyncssh@2.5.0-1ubuntu0.1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.5.0-1ubuntu0.1"}]}],"versions":["2.5.0-1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"python3-asyncssh","binary_version":"2.5.0-1ubuntu0.1"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:22.04:LTS","cves":[]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7108-1.json"}},{"package":{"name":"python-asyncssh","ecosystem":"Ubuntu:Pro:24.04:LTS","purl":"pkg:deb/ubuntu/python-asyncssh@2.10.1-2ubuntu0.1+esm1?arch=source&distro=esm-apps/noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.10.1-2ubuntu0.1+esm1"}]}],"versions":["2.10.1-2","2.10.1-2ubuntu0.1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"python3-asyncssh","binary_version":"2.10.1-2ubuntu0.1+esm1"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:24.04:LTS","cves":[]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7108-1.json"}}],"schema_version":"1.7.5"}