OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
History
27 Feb 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
First Time |
Openbsd
Openbsd openssh |
|
CPE | cpe:2.3:a:openbsd:openssh:9.1:*:*:*:*:*:*:* |
07 Nov 2023, 04:08
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
21 Jul 2023, 19:21
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:netapp:c250_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:c250:-:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:* |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7LKQDFZWKYHQ65TBSH2X2HJQ4V2THS3/ - Mailing List | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20230309-0003/ - Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2023/03/09/2 - Mailing List, Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/202307-01 - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JGAUIXJ3TEKCRKVWFQ6GDAGQFTIIGQQP/ - Mailing List | |
First Time |
Netapp 500f
Netapp c250 Fedoraproject Netapp ontap Select Deploy Administration Utility Netapp a250 Fedoraproject fedora Netapp a250 Firmware Netapp 500f Firmware Netapp c250 Firmware Netapp |
20 Jul 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 Apr 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
18 Apr 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Mar 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Mar 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Mar 2023, 20:18
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
References | (MLIST) http://www.openwall.com/lists/oss-security/2023/03/06/1 - Mailing List, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2023/02/13/1 - Mailing List, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2023/02/22/1 - Mailing List, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2023/02/23/3 - Mailing List, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2023/02/22/2 - Mailing List, Third Party Advisory |
06 Mar 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
23 Feb 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Feb 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Feb 2023, 10:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Feb 2023, 01:15
Type | Values Removed | Values Added |
---|---|---|
Summary | OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible." |
13 Feb 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Feb 2023, 01:10
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CWE | CWE-415 | |
First Time |
Openssh
Openssh openssh |
|
References | (MISC) https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig - Patch, Vendor Advisory | |
References | (MISC) https://bugzilla.mindrot.org/show_bug.cgi?id=3522 - Exploit, Issue Tracking, Third Party Advisory | |
References | (MISC) https://news.ycombinator.com/item?id=34711565 - Issue Tracking, Third Party Advisory | |
References | (MISC) https://www.openwall.com/lists/oss-security/2023/02/02/2 - Exploit, Mailing List, Third Party Advisory | |
References | (MISC) https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946 - Patch, Third Party Advisory | |
References | (MISC) https://jfrog.com/blog/openssh-pre-auth-double-free-cve-2023-25136-writeup-and-proof-of-concept/ - Exploit, Third Party Advisory | |
CPE | cpe:2.3:a:openssh:openssh:9.1:*:*:*:*:*:*:* |
08 Feb 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
Summary | OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be triggered by an unauthenticated attacker in the default configuration. One third-party report states "remote code execution is theoretically possible." | |
References |
|
03 Feb 2023, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-03 06:15
Updated : 2024-02-27 15:15
NVD link : CVE-2023-25136
Mitre link : CVE-2023-25136
CVE.ORG link : CVE-2023-25136
JSON object : View
Products Affected
netapp
- a250
- a250_firmware
- 500f_firmware
- ontap_select_deploy_administration_utility
- c250
- 500f
- c250_firmware
openbsd
- openssh
fedoraproject
- fedora
CWE
CWE-415
Double Free