CVE-2023-2283 in MySQL Workbenchinfo

Summary

A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc,` which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible.` The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls `goto error` returning SSH_OK.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

04/25/2023

Disclosure

05/26/2023

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
251272Oracle MySQL Workbench improper authentication287Not definedOfficial fixCVE-2023-2283
251262Oracle MySQL Cluster improper authentication287Not definedOfficial fixCVE-2023-2283
251045Oracle Communications Cloud Native Core Network Repository Function Install/Upgrade improper authentication287Not definedOfficial fixCVE-2023-2283
251044Oracle Communications Cloud Native Core Console Configuration improper authentication287Not definedOfficial fixCVE-2023-2283
242546Oracle Communications Network Analytics Data Director Platform improper authentication287Not definedOfficial fixCVE-2023-2283
242531Oracle Communications Cloud Native Core Binding Support Function Install/Upgrade improper authentication287Not definedOfficial fixCVE-2023-2283
228182libssh pki_verify_data_signature access control284Not definedNot definedCVE-2023-2283

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!