CVE-2023-25136 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2023-25136

CVE-2023-25136

February 03, 2023

OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."

Related Resources (19)

http://www.openwall.com/lists/oss-security/2023/02/13/1

http://www.openwall.com/lists/oss-security/2023/03/09/2

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JGAUIXJ3TEKCRKVWFQ6GDAGQFTIIGQQP/

https://security-tracker.debian.org/tracker/CVE-2023-25136

https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig

https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946

http://www.openwall.com/lists/oss-security/2023/02/22/1

https://security.gentoo.org/glsa/202307-01

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7LKQDFZWKYHQ65TBSH2X2HJQ4V2THS3/

http://www.openwall.com/lists/oss-security/2023/03/06/1

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7LKQDFZWKYHQ65TBSH2X2HJQ4V2THS3/