CVE-2021-28041

Опубликовано: 05 мар. 2021

Источник: nvd

CVSS3: 7.1

CVSS2: 4.6

EPSS Низкий

Описание

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.

Ссылки

https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db
Patch
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQWGII3LQR4AOTPPFXGMTYE7UDEWIUKI/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXST2CML2MWY3PNVUXX7FFJE3ATJMNVZ/
https://security.gentoo.org/glsa/202105-35
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210416-0002/
Third Party Advisory
https://www.openssh.com/security.html
Not Applicable
Vendor Advisory
https://www.openssh.com/txt/release-8.5
Release Notes
Vendor Advisory
https://www.openwall.com/lists/oss-security/2021/03/03/1
Mailing List
Patch
Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html
Third Party Advisory
https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db
Patch
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQWGII3LQR4AOTPPFXGMTYE7UDEWIUKI/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXST2CML2MWY3PNVUXX7FFJE3ATJMNVZ/
https://security.gentoo.org/glsa/202105-35
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210416-0002/
Third Party Advisory
https://www.openssh.com/security.html
Not Applicable
Vendor Advisory
https://www.openssh.com/txt/release-8.5
Release Notes
Vendor Advisory
https://www.openwall.com/lists/oss-security/2021/03/03/1
Mailing List
Patch
Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*

Версия от 8.2 (включая) до 8.5 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*

Конфигурация 4

Одновременно

cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

Конфигурация 5

Одновременно

cpe:2.3:o:netapp:hci_storage_node_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*

Конфигурация 6

Одно из

cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*

cpe:2.3:o:oracle:zfs_storage_appliance:8.8:*:*:*:*:*:*:*

EPSS

Процентиль: 44%

0.00213

Низкий

7.1 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-415

Связанные уязвимости

CVE-2021-28041

CVSS3: 7.1

ubuntu

больше 4 лет назад

CVE-2021-28041

CVSS3: 7.1

redhat

больше 4 лет назад

CVE-2021-28041

CVSS3: 7.1

msrc

больше 4 лет назад

Описание отсутствует

CVE-2021-28041

CVSS3: 7.1

debian

больше 4 лет назад

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant ...

openSUSE-SU-2021:4153-1

suse-cvrf

больше 3 лет назад

Security update for openssh

EPSS

Процентиль: 44%

0.00213

Низкий

7.1 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-415