CVE - CVE-2023-25136

CVE-ID
CVE-2023-25136	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:https://security.netapp.com/advisory/ntap-20230309-0003/ FEDORA:FEDORA-2023-1176c8b10c URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7LKQDFZWKYHQ65TBSH2X2HJQ4V2THS3/ FEDORA:FEDORA-2023-123647648e URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JGAUIXJ3TEKCRKVWFQ6GDAGQFTIIGQQP/ GENTOO:GLSA-202307-01 URL:https://security.gentoo.org/glsa/202307-01 MISC:https://bugzilla.mindrot.org/show_bug.cgi?id=3522 MISC:https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig MISC:https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946 MISC:https://jfrog.com/blog/openssh-pre-auth-double-free-cve-2023-25136-writeup-and-proof-of-concept/ MISC:https://news.ycombinator.com/item?id=34711565 MISC:https://www.openwall.com/lists/oss-security/2023/02/02/2 MLIST:[oss-security] 20230213 Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136) URL:http://www.openwall.com/lists/oss-security/2023/02/13/1 MLIST:[oss-security] 20230222 Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136) URL:http://www.openwall.com/lists/oss-security/2023/02/22/2 MLIST:[oss-security] 20230222 Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136) URL:http://www.openwall.com/lists/oss-security/2023/02/22/1 MLIST:[oss-security] 20230223 Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136) URL:http://www.openwall.com/lists/oss-security/2023/02/23/3 MLIST:[oss-security] 20230306 Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136) URL:http://www.openwall.com/lists/oss-security/2023/03/06/1 MLIST:[oss-security] 20230309 Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136) URL:http://www.openwall.com/lists/oss-security/2023/03/09/2
Assigning CNA
MITRE Corporation
Date Record Created
20230203	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20230203)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)