CVE-2023-25136 Information

Description

OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be triggered by an unauthenticated attacker in the default configuration; however the vulnerability discoverer reports that xploiting this vulnerability will not be easy.\

Reference

https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig https://bugzilla.mindrot.org/show_bug.cgi?id=3522 https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946 https://www.openwall.com/lists/oss-security/2023/02/02/2