7.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:S/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
55.2%
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a
few less-common scenarios, such as unconstrained agent-socket access on a
legacy operating system, or the forwarding of an agent to an
attacker-controlled host.
Author | Note |
---|---|
seth-arnold | openssh-ssh1 is provided for compatibility with old devices that cannot be upgraded to modern protocols. Thus we may not provide security support for this package if doing so would prevent access to equipment. |
launchpad.net/bugs/cve/CVE-2021-28041
nvd.nist.gov/vuln/detail/CVE-2021-28041
security-tracker.debian.org/tracker/CVE-2021-28041
ubuntu.com/security/notices/USN-4762-1
www.cve.org/CVERecord?id=CVE-2021-28041
www.openssh.com/security.html
www.openssh.com/txt/release-8.5
www.openwall.com/lists/oss-security/2021/03/03/1
7.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:S/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
55.2%