Vulnerabilities

CVE-2023-25136

by Fred · 03/02/2023

OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be triggered by an unauthenticated attacker in the default configuration; however, the vulnerability discoverer reports that "exploiting this vulnerability will not be easy."

Date published : 2023-02-03

https://bugzilla.mindrot.org/show_bug.cgi?id=3522

https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig

Similar

Tags: Cybersecurity Alert