oss-sec mailing list archives

Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH


From: "Theo de Raadt" <deraadt () openbsd org>
Date: Sun, 28 Sep 2025 22:10:05 -0600

Peter Gutmann <pgut001 () cs auckland ac nz> wrote:

> The general feeling was that it's best just to grin and bear it, you're going
> to get them at some point no matter what you do.

This is about two things:

1. a false claim of successful exploitation of OpenSSH in a paper.
2. a false claim based upon that paper lands in a CVE.

You are only talking about point 2.  We are talking about point 1 also.

We don't need to grin and bear either, but especially point 1.

