CVE-2023-25136
Published: 03 February 2023
Summary
CVE-2023-25136 is a medium-severity Double Free (CWE-415) vulnerability in Fedoraproject Fedora. Its CVSS base score is 6.5 (Medium).
Operationally, it ranks in the top 0.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
OpenSSH server (sshd) version 9.1 contains a double-free vulnerability (CWE-415) during handling of options.kex_algorithms. The flaw was introduced in that release and is fixed in OpenSSH 9.2, affecting the sshd daemon in its default configuration.
An unauthenticated remote attacker can trigger the double free over the network to redirect execution to an arbitrary location in the sshd address space. Third-party analysis notes that remote code execution is theoretically possible, although the CVSS 6.5 rating reflects high attack complexity and limits the assessed impact primarily to integrity and availability.
The referenced oss-security mailing list threads discuss the issue and confirm availability of the 9.2 patch that eliminates the double-free condition.
The associated EPSS score reached a peak of 0.9097 with a current value of 0.8833.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-29115
Vulnerability details
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."
- CWE(s): CWE-415 (Double Free)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.