OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-02-03T00:00:00

Updated: 2024-08-02T11:18:35.552Z

Reserved: 2023-02-03T00:00:00

Link: CVE-2023-25136

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-02-03T06:15:09.350

Modified: 2024-11-21T07:49:10.877

Link: CVE-2023-25136

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-02-03T00:00:00Z

Links: CVE-2023-25136 - Bugzilla