OpenSSH 9.1 Double-Free RCE via kex_algorithms (sshd)
CVE-2023-25136, published on February 3, 2023
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability in its handling of options.kex_algorithms. This is fixed in OpenSSH 9.2. An unauthenticated remote attacker can leverage the double free, in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.