🛡️ CVE-2023-51767
🟠 CVSS 7.0 — High ✅ No Known Exploit NVD
7.0
CVSS Score
0 Low4 Medium7 High9 Critical10

Description

OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges. NOTE: this is disputed by the Supplier, who states "we do not consider it to be the application's responsibility to defend against platform architectural weaknesses."

Details

Severity HIGH
CVSS Score 7.0
CVSS Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE N/A
Public Exploit ✅ No
Source NVD
Published 2023-12-24
Updated 2026-06-08
Modified 2026-06-02
Fix URL N/A

Affected Packages

Software From version Fixed in
enterprise-linux
fedora
openssh

References

Technical Description https://arxiv.org/abs/2309.02545
Issue Tracking, Third Party Advisory https://bugzilla.redhat.com/show_bug.cgi?id=2255850
Technical Description https://arxiv.org/abs/2309.02545
Issue Tracking, Third Party Advisory https://bugzilla.redhat.com/show_bug.cgi?id=2255850

Similar Threats

Exploit Protection

Help block exploit attempts

BotEraser is designed to detect and help reduce malicious bot traffic that may target known vulnerabilities on your site.

Try BotEraser Free →

No credit card required  ·  Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.