CVE-2023-25136

Опубликовано: 03 фев. 2023

Источник: nvd

CVSS3: 6.5

EPSS Критический

Описание

OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."

Ссылки

http://www.openwall.com/lists/oss-security/2023/02/13/1
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/02/22/1
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/02/22/2
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/02/23/3
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/03/06/1
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/03/09/2
Mailing List
Third Party Advisory
https://bugzilla.mindrot.org/show_bug.cgi?id=3522
Exploit
Issue Tracking
Third Party Advisory
https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig
Patch
Vendor Advisory
https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946
Patch
Third Party Advisory
https://jfrog.com/blog/openssh-pre-auth-double-free-cve-2023-25136-writeup-and-proof-of-concept/
Exploit
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JGAUIXJ3TEKCRKVWFQ6GDAGQFTIIGQQP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7LKQDFZWKYHQ65TBSH2X2HJQ4V2THS3/
https://news.ycombinator.com/item?id=34711565
Issue Tracking
Third Party Advisory
https://security.gentoo.org/glsa/202307-01
Third Party Advisory
https://security.netapp.com/advisory/ntap-20230309-0003/
Third Party Advisory
https://www.openwall.com/lists/oss-security/2023/02/02/2
Exploit
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/02/13/1
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/02/22/1
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/02/22/2
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/02/23/3
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:openbsd:openssh:9.1:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*

Конфигурация 4

Одновременно

cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*

Конфигурация 5

Одновременно

cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*

Конфигурация 6

Одновременно

cpe:2.3:o:netapp:c250_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:c250:-:*:*:*:*:*:*:*

EPSS

Процентиль: 100%

0.90014

Критический

6.5 Medium

CVSS3

Дефекты

CWE-415

Связанные уязвимости

CVE-2023-25136

CVSS3: 6.5

ubuntu

больше 2 лет назад

CVE-2023-25136

CVSS3: 6.5

redhat

больше 2 лет назад

CVE-2023-25136

CVSS3: 6.5

debian

больше 2 лет назад

OpenSSH server (sshd) 9.1 introduced a double-free vulnerability durin ...

GHSA-w62j-g234-3f6f

CVSS3: 9.8

github

больше 2 лет назад

OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be triggered by an unauthenticated attacker in the default configuration; however, the vulnerability discoverer reports that "exploiting this vulnerability will not be easy."

ELSA-2023-2645

oracle-oval

больше 2 лет назад

ELSA-2023-2645: openssh security update (MODERATE)

EPSS

Процентиль: 100%

0.90014

Критический

6.5 Medium

CVSS3

Дефекты

CWE-415