Fluid Attacks Database

Description

OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	openssh	>=0 <1:9.2p1-1	1:9.2p1-1
debian 12	openssh	>=0 <1:9.2p1-1	1:9.2p1-1
debian 14	openssh	>=0 <1:9.2p1-1	1:9.2p1-1
rpm rhel9	openssh	<0:8.7p1-29.el9_2	0:8.7p1-29.el9_2

Aliases

1. CVE-2023-251362. NVD-2023-251363. OSV-DEBIAN-2023-251364. OSV-2023-251365. SECURITY-TRACKER-CVE-2023-25136

References

1. https://github.com/jfrog/jfrog-CVE-2023-25136-OpenSSH_Double-Free

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.