OpenSSH Vulnerabilities on CVE-2025-26465, CVE-2023-38408 and CVE-2023-48795 Site Recovery manager.
Article ID: 406526
Updated On:
Products
Issue/Introduction
Symptoms:
Below listed CVEs have been identified in Site recovery manager.
- CVE-2025-26465,
- CVE-2023-38408
- CVE-2023-48795
Environment
Cause
CVE-2025-26465 - This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.
CVE-2023-38408 - OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system.
CVE-2023-48795 - SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted ,client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers.
Resolution
VMware By Broadcom is aware of CVE's CVE-2025-26465 , CVE-2023-38408 and CVE-2023-48795.
Please refer to the release notes for existing and forthcoming product releases for any updates in relation to this CVE.
Should you require further information please contact Broadcom Support
Additional Information
When there is a vulnerability which is a false positive then, please report this via a support case. Include the following information:
- The vulnerability in question
- Version of the product that's been installed
Feedback
