CVE-2023-51384 Information

Description

In ssh-agent in OpenSSH before 9.6 certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS11-hosted private keys these constraints are only applied to the first key even if a PKCS11 token returns multiple keys.

Reference

https://www.openssh.com/txt/release-9.6 https://www.openwall.com/lists/oss-security/2023/12/18/2 https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b