CVE-2023-46445
Published
CVSS v3
5.9
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT
Description
An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Extension Negotiation."
AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework.
GitHub