6.5

CVE-2023-25136

Exploit

EPSS 90.54%
Veröffentlicht 03.02.2023 06:15:09
Zuletzt bearbeitet 21.11.2024 07:49:10
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 19

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openbsd ≫ Openssh Version9.1

Fedoraproject ≫ Fedora Version37

Fedoraproject ≫ Fedora Version38

Netapp ≫ Ontap Select Deploy Administration Utility Version-

Netapp ≫ A250 Firmware Version-

Netapp ≫ A250 Version-

Netapp ≫ 500f Firmware Version-

Netapp ≫ 500f Version-

Netapp ≫ C250 Firmware Version-

Netapp ≫ C250 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	90.54%	0.996

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.2	4.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

CWE-415 Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

http://www.openwall.com/lists/oss-security/2023/02/13/1

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2023/02/22/1

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2023/02/22/2

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2023/02/23/3

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2023/03/06/1

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2023/03/09/2

Third Party Advisory

Mailing List

https://bugzilla.mindrot.org/show_bug.cgi?id=3522

Third Party Advisory

Exploit

Issue Tracking

https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig

Patch

Vendor Advisory

https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946

Patch

Third Party Advisory

https://jfrog.com/blog/openssh-pre-auth-double-free-cve-2023-25136-writeup-and-proof-of-concept/

Third Party Advisory

Exploit

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JGAUIXJ3TEKCRKVWFQ6GDAGQFTIIGQQP/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7LKQDFZWKYHQ65TBSH2X2HJQ4V2THS3/

https://news.ycombinator.com/item?id=34711565

Third Party Advisory

Issue Tracking

https://security.gentoo.org/glsa/202307-01

Third Party Advisory

https://security.netapp.com/advisory/ntap-20230309-0003/

Third Party Advisory

https://www.openwall.com/lists/oss-security/2023/02/02/2

Third Party Advisory

Exploit

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2023-25136

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-25136

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-25136

EUVD