PT-2023-25330 · Openssh · Openssh

Published: 2023-08-09 · Updated: 2025-03-25 · CVE-2023-35812

CVSS v3.1: 5.3 (Medium)

Vector: AC:H/AV:N/A:N/C:N/I:H/PR:N/S:U/UI:R

Name of the Vulnerable Software and Affected Versions

OpenSSH version 7.4

Description

An issue was discovered in OpenSSH because of an incomplete fix. The fix covered only the cases where an absolute path is passed to scp. When a relative path is used, the client does not verify that the name of a received file matches the file that was requested.

Recommendations

For OpenSSH version 7.4, update to the fixed packages: 7.4p1-22.78.amzn1 for Amazon Linux 1 and 7.4p1-22.amzn2.0.2 for Amazon Linux 2.
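
The gap in the description, as an added illustration in Python (not OpenSSH or Amazon Linux package code): a simplified model in which the received-name check runs only for absolute request paths, beside one that runs for every request. Function names and sample paths are hypothetical and constructed, and only single-file, non-recursive requests are modelled.

```python
import fnmatch
import posixpath


def name_matches_request(requested: str, received: str) -> bool:
    """True only if the server-supplied name is one the client asked for."""
    # A received name must be a single path component.
    if received in ("", ".", "..") or "/" in received or "\x00" in received:
        return False
    # Expected name (or glob) is the last component of the requested path.
    pattern = posixpath.basename(requested.rstrip("/"))
    if pattern in ("", ".", ".."):
        return False  # no expected name can be derived: refuse, do not trust
    return fnmatch.fnmatchcase(received, pattern)


def incomplete_check(requested: str, received: str) -> bool:
    """Model of the incomplete fix: verification only for absolute paths."""
    if requested.startswith("/"):
        return name_matches_request(requested, received)
    return True  # relative path: received name accepted unverified


def complete_check(requested: str, received: str) -> bool:
    """Verification applied to absolute and relative requests alike."""
    return name_matches_request(requested, received)


# Constructed sample cases: (path requested by the client, name sent back)
CASES = [
    ("/srv/data/report.txt", "report.txt"),
    ("/srv/data/report.txt", ".bashrc"),
    ("data/report.txt", "report.txt"),
    ("data/report.txt", ".bashrc"),
    ("logs/*.txt", "a.txt"),
]


def run_cases():
    """Return (requested, received, incomplete result, complete result)."""
    return [(q, r, incomplete_check(q, r), complete_check(q, r))
            for q, r in CASES]


if __name__ == "__main__":
    for row in run_cases():
        print(row)
```

Only the fourth case differs between the two checks: the relative request is the one where the mismatched name is accepted by the absolute-only check.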

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2023-35812

Affected Products

Openssh