{
    "dataType": "CVE_RECORD",
    "dataVersion": "5.1",
    "cveMetadata": {
        "state": "PUBLISHED",
        "cveId": "CVE-2023-48795",
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "dateUpdated": "2024-08-02T21:46:27.255Z",
        "dateReserved": "2023-11-20T00:00:00",
        "datePublished": "2023-12-18T00:00:00"
    },
    "containers": {
        "cna": {
            "providerMetadata": {
                "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
                "shortName": "mitre",
                "dateUpdated": "2024-05-01T18:06:23.972272"
            },
            "descriptions": [
                {
                    "lang": "en",
                    "value": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust."
                }
            ],
            "affected": [
                {
                    "vendor": "n/a",
                    "product": "n/a",
                    "versions": [
                        {
                            "version": "n/a",
                            "status": "affected"
                        }
                    ]
                }
            ],
            "references": [
                {
                    "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html"
                },
                {
                    "url": "https://matt.ucc.asn.au/dropbear/CHANGES"
                },
                {
                    "url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES"
                },
                {
                    "url": "https://www.netsarang.com/en/xshell-update-history/"
                },
                {
                    "url": "https://www.paramiko.org/changelog.html"
                },
                {
                    "url": "https://www.openssh.com/openbsd.html"
                },
                {
                    "url": "https://github.com/openssh/openssh-portable/commits/master"
                },
                {
                    "url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ"
                },
                {
                    "url": "https://www.bitvise.com/ssh-server-version-history"
                },
                {
                    "url": "https://github.com/ronf/asyncssh/tags"
                },
                {
                    "url": "https://gitlab.com/libssh/libssh-mirror/-/tags"
                },
                {
                    "url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/"
                },
                {
                    "url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42"
                },
                {
                    "url": "https://www.openssh.com/txt/release-9.6"
                },
                {
                    "url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/"
                },
                {
                    "url": "https://www.terrapin-attack.com"
                },
                {
                    "url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25"
                },
                {
                    "url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst"
                },
                {
                    "url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/"
                },
                {
                    "url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2"
                },
                {
                    "url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0"
                },
                {
                    "url": "https://www.openwall.com/lists/oss-security/2023/12/18/2"
                },
                {
                    "url": "https://twitter.com/TrueSkrillor/status/1736774389725565005"
                },
                {
                    "url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d"
                },
                {
                    "url": "https://github.com/paramiko/paramiko/issues/2337"
                },
                {
                    "url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg"
                },
                {
                    "url": "https://news.ycombinator.com/item?id=38684904"
                },
                {
                    "url": "https://news.ycombinator.com/item?id=38685286"
                },
                {
                    "name": "[oss-security] 20231218 CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
                    "tags": [
                        "mailing-list"
                    ],
                    "url": "http://www.openwall.com/lists/oss-security/2023/12/18/3"
                },
                {
                    "url": "https://github.com/mwiede/jsch/issues/457"
                },
                {
                    "url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6"
                },
                {
                    "url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1"
                },
                {
                    "url": "https://github.com/advisories/GHSA-45x7-px36-x8w8"
                },
                {
                    "url": "https://security-tracker.debian.org/tracker/source-package/libssh2"
                },
                {
                    "url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg"
                },
                {
                    "url": "https://security-tracker.debian.org/tracker/CVE-2023-48795"
                },
                {
                    "url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950"
                },
                {
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
                },
                {
                    "url": "https://bugs.gentoo.org/920280"
                },
                {
                    "url": "https://ubuntu.com/security/CVE-2023-48795"
                },
                {
                    "url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/"
                },
                {
                    "url": "https://access.redhat.com/security/cve/cve-2023-48795"
                },
                {
                    "url": "https://github.com/mwiede/jsch/pull/461"
                },
                {
                    "url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6"
                },
                {
                    "url": "https://github.com/libssh2/libssh2/pull/1291"
                },
                {
                    "url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack"
                },
                {
                    "url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5"
                },
                {
                    "url": "https://github.com/rapier1/hpn-ssh/releases"
                },
                {
                    "url": "https://github.com/proftpd/proftpd/issues/456"
                },
                {
                    "url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1"
                },
                {
                    "url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15"
                },
                {
                    "url": "https://oryx-embedded.com/download/#changelog"
                },
                {
                    "url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update"
                },
                {
                    "url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22"
                },
                {
                    "url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab"
                },
                {
                    "url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3"
                },
                {
                    "url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC"
                },
                {
                    "url": "https://crates.io/crates/thrussh/versions"
                },
                {
                    "url": "https://github.com/NixOS/nixpkgs/pull/275249"
                },
                {
                    "name": "[oss-security] 20231219 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
                    "tags": [
                        "mailing-list"
                    ],
                    "url": "http://www.openwall.com/lists/oss-security/2023/12/19/5"
                },
                {
                    "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc"
                },
                {
                    "url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/"
                },
                {
                    "name": "[oss-security] 20231220 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
                    "tags": [
                        "mailing-list"
                    ],
                    "url": "http://www.openwall.com/lists/oss-security/2023/12/20/3"
                },
                {
                    "url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html"
                },
                {
                    "url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES"
                },
                {
                    "url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES"
                },
                {
                    "url": "https://github.com/apache/mina-sshd/issues/445"
                },
                {
                    "url": "https://github.com/hierynomus/sshj/issues/916"
                },
                {
                    "url": "https://github.com/janmojzis/tinyssh/issues/81"
                },
                {
                    "url": "https://www.openwall.com/lists/oss-security/2023/12/20/3"
                },
                {
                    "url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2"
                },
                {
                    "url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16"
                },
                {
                    "name": "FEDORA-2023-0733306be9",
                    "tags": [
                        "vendor-advisory"
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/"
                },
                {
                    "name": "DSA-5586",
                    "tags": [
                        "vendor-advisory"
                    ],
                    "url": "https://www.debian.org/security/2023/dsa-5586"
                },
                {
                    "url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508"
                },
                {
                    "url": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh"
                },
                {
                    "url": "https://filezilla-project.org/versions.php"
                },
                {
                    "url": "https://nova.app/releases/#v11.8"
                },
                {
                    "url": "https://roumenpetrov.info/secsh/#news20231220"
                },
                {
                    "url": "https://www.vandyke.com/products/securecrt/history.txt"
                },
                {
                    "url": "https://help.panic.com/releasenotes/transmit5/"
                },
                {
                    "url": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta"
                },
                {
                    "url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189"
                },
                {
                    "url": "https://winscp.net/eng/docs/history#6.2.2"
                },
                {
                    "url": "https://www.bitvise.com/ssh-client-version-history#933"
                },
                {
                    "url": "https://github.com/cyd01/KiTTY/issues/520"
                },
                {
                    "name": "DSA-5588",
                    "tags": [
                        "vendor-advisory"
                    ],
                    "url": "https://www.debian.org/security/2023/dsa-5588"
                },
                {
                    "url": "https://github.com/ssh-mitm/ssh-mitm/issues/165"
                },
                {
                    "url": "https://news.ycombinator.com/item?id=38732005"
                },
                {
                    "name": "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update",
                    "tags": [
                        "mailing-list"
                    ],
                    "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"
                },
                {
                    "name": "GLSA-202312-16",
                    "tags": [
                        "vendor-advisory"
                    ],
                    "url": "https://security.gentoo.org/glsa/202312-16"
                },
                {
                    "name": "GLSA-202312-17",
                    "tags": [
                        "vendor-advisory"
                    ],
                    "url": "https://security.gentoo.org/glsa/202312-17"
                },
                {
                    "name": "FEDORA-2023-20feb865d8",
                    "tags": [
                        "vendor-advisory"
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/"
                },
                {
                    "name": "FEDORA-2023-cb8c606fbb",
                    "tags": [
                        "vendor-advisory"
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/"
                },
                {
                    "name": "FEDORA-2023-e77300e4b5",
                    "tags": [
                        "vendor-advisory"
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/"
                },
                {
                    "name": "FEDORA-2023-b87ec6cf47",
                    "tags": [
                        "vendor-advisory"
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/"
                },
                {
                    "name": "FEDORA-2023-153404713b",
                    "tags": [
                        "vendor-advisory"
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/"
                },
                {
                    "url": "https://security.netapp.com/advisory/ntap-20240105-0004/"
                },
                {
                    "name": "FEDORA-2024-3bb23c77f3",
                    "tags": [
                        "vendor-advisory"
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/"
                },
                {
                    "name": "FEDORA-2023-55800423a8",
                    "tags": [
                        "vendor-advisory"
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/"
                },
                {
                    "name": "FEDORA-2024-d946b9ad25",
                    "tags": [
                        "vendor-advisory"
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/"
                },
                {
                    "name": "FEDORA-2024-71c2c6526c",
                    "tags": [
                        "vendor-advisory"
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/"
                },
                {
                    "name": "FEDORA-2024-39a8c72ea9",
                    "tags": [
                        "vendor-advisory"
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/"
                },
                {
                    "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002"
                },
                {
                    "name": "FEDORA-2024-ae653fb07b",
                    "tags": [
                        "vendor-advisory"
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
                },
                {
                    "name": "FEDORA-2024-2705241461",
                    "tags": [
                        "vendor-advisory"
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/"
                },
                {
                    "name": "FEDORA-2024-fb32950d11",
                    "tags": [
                        "vendor-advisory"
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
                },
                {
                    "name": "FEDORA-2024-7b08207cdb",
                    "tags": [
                        "vendor-advisory"
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/"
                },
                {
                    "name": "FEDORA-2024-06ebb70bdd",
                    "tags": [
                        "vendor-advisory"
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/"
                },
                {
                    "name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3718-1] php-phpseclib security update",
                    "tags": [
                        "mailing-list"
                    ],
                    "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html"
                },
                {
                    "name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3719-1] phpseclib security update",
                    "tags": [
                        "mailing-list"
                    ],
                    "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html"
                },
                {
                    "name": "FEDORA-2024-a53b24023d",
                    "tags": [
                        "vendor-advisory"
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/"
                },
                {
                    "name": "FEDORA-2024-3fd1bc9276",
                    "tags": [
                        "vendor-advisory"
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/"
                },
                {
                    "url": "https://support.apple.com/kb/HT214084"
                },
                {
                    "name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4",
                    "tags": [
                        "mailing-list"
                    ],
                    "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
                },
                {
                    "name": "[debian-lts-announce] 20240425 [SECURITY] [DLA 3794-1] putty security update",
                    "tags": [
                        "mailing-list"
                    ],
                    "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html"
                },
                {
                    "name": "[oss-security] 20240417 Terrapin vulnerability in Jenkins CLI client",
                    "tags": [
                        "mailing-list"
                    ],
                    "url": "http://www.openwall.com/lists/oss-security/2024/04/17/8"
                },
                {
                    "name": "[oss-security] 20240306 Multiple vulnerabilities in Jenkins plugins",
                    "tags": [
                        "mailing-list"
                    ],
                    "url": "http://www.openwall.com/lists/oss-security/2024/03/06/3"
                }
            ],
            "problemTypes": [
                {
                    "descriptions": [
                        {
                            "type": "text",
                            "lang": "en",
                            "description": "n/a"
                        }
                    ]
                }
            ]
        },
        "adp": [
            {
                "providerMetadata": {
                    "orgId": "af854a3a-2127-422b-91ae-364da2661108",
                    "shortName": "CVE",
                    "dateUpdated": "2024-08-02T21:46:27.255Z"
                },
                "title": "CVE Program Container",
                "references": [
                    {
                        "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://matt.ucc.asn.au/dropbear/CHANGES",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://www.netsarang.com/en/xshell-update-history/",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://www.paramiko.org/changelog.html",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://www.openssh.com/openbsd.html",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://github.com/openssh/openssh-portable/commits/master",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://www.bitvise.com/ssh-server-version-history",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://github.com/ronf/asyncssh/tags",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://gitlab.com/libssh/libssh-mirror/-/tags",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://www.openssh.com/txt/release-9.6",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://www.terrapin-attack.com",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://www.openwall.com/lists/oss-security/2023/12/18/2",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://twitter.com/TrueSkrillor/status/1736774389725565005",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://github.com/paramiko/paramiko/issues/2337",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://news.ycombinator.com/item?id=38684904",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://news.ycombinator.com/item?id=38685286",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "name": "[oss-security] 20231218 CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
                        "tags": [
                            "mailing-list",
                            "x_transferred"
                        ],
                        "url": "http://www.openwall.com/lists/oss-security/2023/12/18/3"
                    },
                    {
                        "url": "https://github.com/mwiede/jsch/issues/457",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://github.com/advisories/GHSA-45x7-px36-x8w8",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://security-tracker.debian.org/tracker/source-package/libssh2",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://security-tracker.debian.org/tracker/CVE-2023-48795",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://bugs.gentoo.org/920280",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://ubuntu.com/security/CVE-2023-48795",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://access.redhat.com/security/cve/cve-2023-48795",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://github.com/mwiede/jsch/pull/461",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://github.com/libssh2/libssh2/pull/1291",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://github.com/rapier1/hpn-ssh/releases",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://github.com/proftpd/proftpd/issues/456",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://oryx-embedded.com/download/#changelog",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://crates.io/crates/thrussh/versions",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://github.com/NixOS/nixpkgs/pull/275249",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "name": "[oss-security] 20231219 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
                        "tags": [
                            "mailing-list",
                            "x_transferred"
                        ],
                        "url": "http://www.openwall.com/lists/oss-security/2023/12/19/5"
                    },
                    {
                        "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "name": "[oss-security] 20231220 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
                        "tags": [
                            "mailing-list",
                            "x_transferred"
                        ],
                        "url": "http://www.openwall.com/lists/oss-security/2023/12/20/3"
                    },
                    {
                        "url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://github.com/apache/mina-sshd/issues/445",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://github.com/hierynomus/sshj/issues/916",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://github.com/janmojzis/tinyssh/issues/81",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://www.openwall.com/lists/oss-security/2023/12/20/3",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "name": "FEDORA-2023-0733306be9",
                        "tags": [
                            "vendor-advisory",
                            "x_transferred"
                        ],
                        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/"
                    },
                    {
                        "name": "DSA-5586",
                        "tags": [
                            "vendor-advisory",
                            "x_transferred"
                        ],
                        "url": "https://www.debian.org/security/2023/dsa-5586"
                    },
                    {
                        "url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://filezilla-project.org/versions.php",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://nova.app/releases/#v11.8",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://roumenpetrov.info/secsh/#news20231220",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://www.vandyke.com/products/securecrt/history.txt",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://help.panic.com/releasenotes/transmit5/",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://winscp.net/eng/docs/history#6.2.2",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://www.bitvise.com/ssh-client-version-history#933",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://github.com/cyd01/KiTTY/issues/520",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "name": "DSA-5588",
                        "tags": [
                            "vendor-advisory",
                            "x_transferred"
                        ],
                        "url": "https://www.debian.org/security/2023/dsa-5588"
                    },
                    {
                        "url": "https://github.com/ssh-mitm/ssh-mitm/issues/165",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://news.ycombinator.com/item?id=38732005",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "name": "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update",
                        "tags": [
                            "mailing-list",
                            "x_transferred"
                        ],
                        "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"
                    },
                    {
                        "name": "GLSA-202312-16",
                        "tags": [
                            "vendor-advisory",
                            "x_transferred"
                        ],
                        "url": "https://security.gentoo.org/glsa/202312-16"
                    },
                    {
                        "name": "GLSA-202312-17",
                        "tags": [
                            "vendor-advisory",
                            "x_transferred"
                        ],
                        "url": "https://security.gentoo.org/glsa/202312-17"
                    },
                    {
                        "name": "FEDORA-2023-20feb865d8",
                        "tags": [
                            "vendor-advisory",
                            "x_transferred"
                        ],
                        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/"
                    },
                    {
                        "name": "FEDORA-2023-cb8c606fbb",
                        "tags": [
                            "vendor-advisory",
                            "x_transferred"
                        ],
                        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/"
                    },
                    {
                        "name": "FEDORA-2023-e77300e4b5",
                        "tags": [
                            "vendor-advisory",
                            "x_transferred"
                        ],
                        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/"
                    },
                    {
                        "name": "FEDORA-2023-b87ec6cf47",
                        "tags": [
                            "vendor-advisory",
                            "x_transferred"
                        ],
                        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/"
                    },
                    {
                        "name": "FEDORA-2023-153404713b",
                        "tags": [
                            "vendor-advisory",
                            "x_transferred"
                        ],
                        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/"
                    },
                    {
                        "url": "https://security.netapp.com/advisory/ntap-20240105-0004/",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "name": "FEDORA-2024-3bb23c77f3",
                        "tags": [
                            "vendor-advisory",
                            "x_transferred"
                        ],
                        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/"
                    },
                    {
                        "name": "FEDORA-2023-55800423a8",
                        "tags": [
                            "vendor-advisory",
                            "x_transferred"
                        ],
                        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/"
                    },
                    {
                        "name": "FEDORA-2024-d946b9ad25",
                        "tags": [
                            "vendor-advisory",
                            "x_transferred"
                        ],
                        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/"
                    },
                    {
                        "name": "FEDORA-2024-71c2c6526c",
                        "tags": [
                            "vendor-advisory",
                            "x_transferred"
                        ],
                        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/"
                    },
                    {
                        "name": "FEDORA-2024-39a8c72ea9",
                        "tags": [
                            "vendor-advisory",
                            "x_transferred"
                        ],
                        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/"
                    },
                    {
                        "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "name": "FEDORA-2024-ae653fb07b",
                        "tags": [
                            "vendor-advisory",
                            "x_transferred"
                        ],
                        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
                    },
                    {
                        "name": "FEDORA-2024-2705241461",
                        "tags": [
                            "vendor-advisory",
                            "x_transferred"
                        ],
                        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/"
                    },
                    {
                        "name": "FEDORA-2024-fb32950d11",
                        "tags": [
                            "vendor-advisory",
                            "x_transferred"
                        ],
                        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
                    },
                    {
                        "name": "FEDORA-2024-7b08207cdb",
                        "tags": [
                            "vendor-advisory",
                            "x_transferred"
                        ],
                        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/"
                    },
                    {
                        "name": "FEDORA-2024-06ebb70bdd",
                        "tags": [
                            "vendor-advisory",
                            "x_transferred"
                        ],
                        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/"
                    },
                    {
                        "name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3718-1] php-phpseclib security update",
                        "tags": [
                            "mailing-list",
                            "x_transferred"
                        ],
                        "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html"
                    },
                    {
                        "name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3719-1] phpseclib security update",
                        "tags": [
                            "mailing-list",
                            "x_transferred"
                        ],
                        "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html"
                    },
                    {
                        "name": "FEDORA-2024-a53b24023d",
                        "tags": [
                            "vendor-advisory",
                            "x_transferred"
                        ],
                        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/"
                    },
                    {
                        "name": "FEDORA-2024-3fd1bc9276",
                        "tags": [
                            "vendor-advisory",
                            "x_transferred"
                        ],
                        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/"
                    },
                    {
                        "url": "https://support.apple.com/kb/HT214084",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4",
                        "tags": [
                            "mailing-list",
                            "x_transferred"
                        ],
                        "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
                    },
                    {
                        "name": "[debian-lts-announce] 20240425 [SECURITY] [DLA 3794-1] putty security update",
                        "tags": [
                            "mailing-list",
                            "x_transferred"
                        ],
                        "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html"
                    },
                    {
                        "name": "[oss-security] 20240417 Terrapin vulnerability in Jenkins CLI client",
                        "tags": [
                            "mailing-list",
                            "x_transferred"
                        ],
                        "url": "http://www.openwall.com/lists/oss-security/2024/04/17/8"
                    },
                    {
                        "name": "[oss-security] 20240306 Multiple vulnerabilities in Jenkins plugins",
                        "tags": [
                            "mailing-list",
                            "x_transferred"
                        ],
                        "url": "http://www.openwall.com/lists/oss-security/2024/03/06/3"
                    }
                ]
            }
        ]
    }
}