PT-2023-25414 · Openssh+1 · Openssh+1

Zack Miele · Published 2023-07-21 · Updated 2025-09-24 · CVE-2023-3603

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: OpenSSH SFTP server (affected versions not specified)

Description: A missing allocation check in the SFTP server when processing read requests can cause a NULL dereference under low-memory conditions. A malicious client can request SFTP reads of up to 4 GB, causing large buffers to be allocated without checking for failure. This can likely crash the authenticated user's SFTP server connection, especially in forking-based implementations, and may also cause a Denial of Service (DoS) for legitimate users in thread-based servers.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
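The bug class the description refers to, as an added illustration in C that is not OpenSSH's sftp-server code: a read handler that hands the client's requested length straight to the allocator and uses the result unchecked, next to a hardened handler that caps the request and answers with an SFTP status when allocation fails. The simulated allocator, the MAX_READ_LEN cap and the handler names are constructed for this example; only the SSH2_FX_* status values come from the SFTP protocol.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration of the bug class; not OpenSSH's sftp-server code. */
#define SSH2_FX_OK      0
#define SSH2_FX_FAILURE 4
#define MAX_READ_LEN    (256u * 1024u)   /* assumed server-side cap on one read */

/* Simulated allocator: returns NULL for requests above sim_mem_limit,
 * standing in for a real malloc failure under memory pressure. */
static size_t sim_mem_limit = SIZE_MAX;
static void *sim_alloc(size_t n) { return n > sim_mem_limit ? NULL : malloc(n); }

/* 'Before': the client-supplied length goes to the allocator and the result is
 * used without a NULL check. A 4 GB request that cannot be satisfied makes
 * memset write through NULL and the serving process dies. */
int handle_read_unchecked(uint32_t req_len, size_t *filled) {
    unsigned char *buf = sim_alloc(req_len);
    memset(buf, 0, req_len);          /* NULL dereference on allocation failure */
    *filled = req_len;
    free(buf);
    return SSH2_FX_OK;
}

/* 'After': clamp the request to a server-side maximum, check the allocation,
 * and report an SFTP status to the client instead of crashing. */
int handle_read_checked(uint32_t req_len, size_t *filled) {
    size_t len = req_len > MAX_READ_LEN ? MAX_READ_LEN : req_len;
    unsigned char *buf = sim_alloc(len);
    if (buf == NULL) {
        *filled = 0;
        return SSH2_FX_FAILURE;       /* sent as a status reply; connection survives */
    }
    memset(buf, 0, len);              /* stand-in for the actual file read */
    *filled = len;
    free(buf);
    return SSH2_FX_OK;
}

/* Scenario: a read request arrives while only 1 KiB can still be allocated. */
int low_memory_read(uint32_t req_len, size_t *filled) {
    sim_mem_limit = 1024;
    int status = handle_read_checked(req_len, filled);
    sim_mem_limit = SIZE_MAX;
    return status;
}
```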

DoS

NULL Pointer Dereference


Weakness Enumeration

Related Identifiers

BDU:2025-12375
CVE-2023-3603

Affected Products

Openssh
Red Os