CVE-2023-25136
MEDIUM (6.5) CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
Risk Signal Score: 43/100 — MEDIUM
- CVSS 6.5 — Medium
- EPSS 88% — very likely to be exploited
EPSS score: 88% (exploit probability, 30 days)
CVSS score: 6.5 (technical severity)
Description
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."
References
- http://www.openwall.com/lists/oss-security/2023/02/13/1
- http://www.openwall.com/lists/oss-security/2023/02/22/1
- http://www.openwall.com/lists/oss-security/2023/02/22/2
- http://www.openwall.com/lists/oss-security/2023/02/23/3
- http://www.openwall.com/lists/oss-security/2023/03/06/1
- http://www.openwall.com/lists/oss-security/2023/03/09/2
- https://bugzilla.mindrot.org/show_bug.cgi?id=3522
- https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig
- https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc...
- https://jfrog.com/blog/openssh-pre-auth-double-free-cve-2023-25136-writeup-and-p...