CVE-2023-25136
high-risk
Published 2023-02-03
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."
Do I need to act?
!
88.3% chance of exploitation in next 30 days
EPSS score — higher than 12% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10
Medium
NETWORK
/ HIGH complexity
Affected Products (7)
Affected Vendors
References (32)
Issue Tracking
https://news.ycombinator.com/item?id=34711565
Third Party Advisory
https://security.gentoo.org/glsa/202307-01
Third Party Advisory
https://security.netapp.com/advisory/ntap-20230309-0003/
and 12 more references
54
/ 100
high-risk
Severity
20/34 · Moderate
Exploitability
20/34 · Moderate
Exposure
14/34 · Moderate