CVE-2023-25136

CVSS V2 None CVSS V3 None
Description
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."
Overview
  • CVE ID
  • CVE-2023-25136
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2023-02-03T06:15:09
  • Last Modified Date
  • 2023-04-19T04:15:31
Weakness Enumerations
CWE URL
CWE-415 http://cwe.mitre.org/data/definitions/415.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:openssh:openssh:9.1:*:*:*:*:*:*:* 1 OR
References
Reference URL Reference Tags
http://www.openwall.com/lists/oss-security/2023/02/13/1 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/02/22/1 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/02/22/2 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/02/23/3 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/03/06/1 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/03/09/2
https://bugzilla.mindrot.org/show_bug.cgi?id=3522 Exploit Issue Tracking Third Party Advisory
https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig Patch Vendor Advisory
https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946 Patch Third Party Advisory
https://jfrog.com/blog/openssh-pre-auth-double-free-cve-2023-25136-writeup-and-proof-of-concept/ Exploit Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JGAUIXJ3TEKCRKVWFQ6GDAGQFTIIGQQP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7LKQDFZWKYHQ65TBSH2X2HJQ4V2THS3/
https://news.ycombinator.com/item?id=34711565 Issue Tracking Third Party Advisory
https://security.netapp.com/advisory/ntap-20230309-0003/
https://www.openwall.com/lists/oss-security/2023/02/02/2 Exploit Mailing List Third Party Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2023-25136
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25136
History
Created Old Value New Value Data Type Notes
2023-04-17 07:08:44 Added to TrackCVE
2023-04-17 07:08:46 Weakness Enumeration new
2023-04-18 04:01:31 2023-04-18T03:15:07 CVE Modified Date updated
2023-04-18 04:01:33 References updated
2023-04-19 04:27:32 2023-04-19T04:15:31 CVE Modified Date updated
2023-04-19 04:27:33 References updated