Product and affected versions: OpenSSH 9.1
Severity and CVE ID: CVE-2023-25136, pre-authentication double free vulnerability
Vulnerability: The OpenSSH server (sshd) contains a memory safety vulnerability that results in a double free in the unprivileged sshd process. The chunk of memory that is freed twice is options.kex_algorithms.
How attack works: Double free flaws occur when a vulnerable piece of code calls the free() function twice on the same memory, leading to memory corruption that could in turn lead to a crash or execution of arbitrary code. However, this vulnerability is not believed to be exploitable, because it occurs in the unprivileged pre-auth process, which is subject to chroot(2) and is further sandboxed on most major platforms.
Remediations: OpenSSH 9.2 has been released to address the vulnerability. Users are advised to update to OpenSSH 9.2 to mitigate potential security threats.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-25136
https://thehackernews.com/2023/02/openssh-patches-memory-safety-bug-in.html
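
The double-free pattern described under "How attack works", shown beside a hardened cleanup routine. This is an added, simplified model and not OpenSSH source code: the struct, the function names and the sample algorithm string are hypothetical, and only the field name kex_algorithms is taken from the advisory.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a server options structure. */
struct server_options {
    char *kex_algorithms;          /* heap-allocated algorithm list */
};

int free_calls;                    /* counts real releases, for the demo */

/* Vulnerable pattern: the chunk is freed but the stale pointer stays in
 * the struct, so a second cleanup path would free the same chunk again.
 * Never called here; calling it twice is undefined behaviour. */
void release_kex_unsafe(struct server_options *o)
{
    free(o->kex_algorithms);
    free_calls++;
}

/* Hardened pattern: the owner's pointer is cleared right after the free,
 * so any later cleanup path sees NULL and does nothing. */
void release_kex_safe(struct server_options *o)
{
    if (o->kex_algorithms == NULL)
        return;
    free(o->kex_algorithms);
    o->kex_algorithms = NULL;
    free_calls++;
}

/* Runs two cleanup paths over the same options with the hardened routine
 * and returns how many times memory was really released (-1 on OOM). */
int cleanup_twice_safe(const char *algs)
{
    struct server_options o;
    o.kex_algorithms = malloc(strlen(algs) + 1);
    if (o.kex_algorithms == NULL)
        return -1;
    strcpy(o.kex_algorithms, algs);
    free_calls = 0;
    release_kex_safe(&o);          /* first cleanup path */
    release_kex_safe(&o);          /* second cleanup path: no-op */
    return free_calls;
}

int main(void)
{
    /* Constructed sample value. */
    printf("real frees: %d\n", cleanup_twice_safe("curve25519-sha256"));
    return 0;
}
```

Building test binaries with AddressSanitizer (`-fsanitize=address`) reports the unsafe variant as a double free if it is ever reached twice for the same pointer.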