6.5
CVE-2023-25136
- EPSS 89.96%
- Veröffentlicht 03.02.2023 06:15:09
- Zuletzt bearbeitet 28.05.2026 18:16:28
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fedoraproject ≫ Fedora Version37
Fedoraproject ≫ Fedora Version38
Netapp ≫ Ontap Select Deploy Administration Utility Version-
Netapp ≫ A250 Firmware Version-
Netapp ≫ 500f Firmware Version-
Netapp ≫ C250 Firmware Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 89.96% | 0.998 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.2 | 4.2 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
|
CWE-415 Double Free
The product calls free() twice on the same memory address.
http://www.openwall.com/lists/oss-security/2023/02/13/1
http://www.openwall.com/lists/oss-security/2023/02/22/1
http://www.openwall.com/lists/oss-security/2023/02/22/2
http://www.openwall.com/lists/oss-security/2023/02/23/3
http://www.openwall.com/lists/oss-security/2023/03/06/1
http://www.openwall.com/lists/oss-security/2023/03/09/2
https://bugzilla.mindrot.org/show_bug.cgi?id=3522
https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig
https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946
https://jfrog.com/blog/openssh-pre-auth-double-free-cve-2023-25136-writeup-and-proof-of-concept/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JGAUIXJ3TEKCRKVWFQ6GDAGQFTIIGQQP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7LKQDFZWKYHQ65TBSH2X2HJQ4V2THS3/
https://news.ycombinator.com/item?id=34711565
https://security.gentoo.org/glsa/202307-01
https://security.netapp.com/advisory/ntap-20230309-0003/
https://www.openwall.com/lists/oss-security/2023/02/02/2