6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:N/I:P/A:P
0.011 Low
EPSS
Percentile
84.4%
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during
options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double
free can be leveraged, by an unauthenticated remote attacker in the default
configuration, to jump to any location in the sshd address space. One
third-party report states “remote code execution is theoretically
possible.”
Author | Note |
---|---|
seth-arnold | openssh-ssh1 is provided for compatibility with old devices that cannot be upgraded to modern protocols. Thus we may not provide security support for this package if doing so would prevent access to equipment. |
rodrigo-zaiden | issue introduced in OpenSSH 9.1, hence, not affecting any current Ubuntu releases. The commit that introduced the issue is 486c4dc3b83b4b67d663fb0fa62bc24138ec3946. |
jfrog.com/blog/openssh-pre-auth-double-free-cve-2023-25136-writeup-and-proof-of-concept/
launchpad.net/bugs/cve/CVE-2023-25136
nvd.nist.gov/vuln/detail/CVE-2023-25136
security-tracker.debian.org/tracker/CVE-2023-25136
www.cve.org/CVERecord?id=CVE-2023-25136
www.openwall.com/lists/oss-security/2023/02/02/2
www.openwall.com/lists/oss-security/2023/02/13/1
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:N/I:P/A:P
0.011 Low
EPSS
Percentile
84.4%