CVE Alert

CVE-2023-25136

Severity: UNKNOWN 0.0
CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th

OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."

Vendor: n/a
Product: n/a
Published: Feb 3, 2023
Last Updated: Aug 2, 2024

Affected Versions

n/a / n/a
n/a

References

ftp.openbsd.org: https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig
openwall.com: https://www.openwall.com/lists/oss-security/2023/02/02/2
bugzilla.mindrot.org: https://bugzilla.mindrot.org/show_bug.cgi?id=3522
github.com: https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946
jfrog.com: https://jfrog.com/blog/openssh-pre-auth-double-free-cve-2023-25136-writeup-and-proof-of-concept/
news.ycombinator.com: https://news.ycombinator.com/item?id=34711565
openwall.com: http://www.openwall.com/lists/oss-security/2023/02/13/1
openwall.com: http://www.openwall.com/lists/oss-security/2023/02/22/1
openwall.com: http://www.openwall.com/lists/oss-security/2023/02/22/2
openwall.com: http://www.openwall.com/lists/oss-security/2023/02/23/3
openwall.com: http://www.openwall.com/lists/oss-security/2023/03/06/1
openwall.com: http://www.openwall.com/lists/oss-security/2023/03/09/2
security.netapp.com: https://security.netapp.com/advisory/ntap-20230309-0003/
lists.fedoraproject.org: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7LKQDFZWKYHQ65TBSH2X2HJQ4V2THS3/
lists.fedoraproject.org: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JGAUIXJ3TEKCRKVWFQ6GDAGQFTIIGQQP/
security.gentoo.org: https://security.gentoo.org/glsa/202307-01