CVE-2023-35812 Information

Description

An issue was discovered in the Amazon Linux packages of OpenSSH 7.4 for Amazon Linux 1 and 2 because of an incomplete fix for CVE-2019-6111 within these specific packages. The fix had only covered cases where an absolute path is passed to scp. When a relative path is used there is no verification that the name of a file received by the client matches the file requested. Fixed packages are available with numbers 7.4p1-22.78.amzn1 and 7.4p1-22.amzn2.0.2.

Reference

https://alas.aws.amazon.com/cve/html/CVE-2023-35812.html