Read Time:26 Second

Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that AsyncSSH
did not properly handle the extension info message. An attacker able to
intercept communications could possibly use this issue to downgrade
the algorithm used for client authentication. (CVE-2023-46445)

Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that AsyncSSH
did not properly handle the user authentication request message. An
attacker could possibly use this issue to control the remote end of an SSH
client session via packet injection/removal and shell emulation.
(CVE-2023-46446)

Read More