CVE Vulnerability

CVE-2023-25136

OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig Patch Vendor Advisory
https://bugzilla.mindrot.org/show_bug.cgi?id=3522 Exploit Issue Tracking
https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946 Patch Third Party Advisory
https://www.openwall.com/lists/oss-security/2023/02/02/2 Exploit Mailing List
https://jfrog.com/blog/openssh-pre-auth-double-free-cve-2023-25136-writeup-and-proof-of-concept/ Exploit Third Party Advisory
https://news.ycombinator.com/item?id=34711565 Issue Tracking Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/02/13/1
http://www.openwall.com/lists/oss-security/2023/02/22/1
http://www.openwall.com/lists/oss-security/2023/02/22/2
http://www.openwall.com/lists/oss-security/2023/02/23/3
Configurations

Configuration 1

cpe:2.3:a:openssh:openssh:9.1:*:*:*:*:*:*:*
Information

Published : 2023-02-03 06:15

Updated : 2023-02-23 07:15

NVD link : CVE-2023-25136

Mitre link : CVE-2023-25136

Products Affected

Openssh

CWE
CWE-415