
CVE-2023-25136

Description

OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."

NVD
Severity: MEDIUM
CVE ID: CVE-2023-25136
CVSS Score: 6.5
CVSS Metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

Reference: NVD, MITRE

Proof Of Concept

jfrog

Reference: GitHub

ticofookfook

Reference: GitHub

Christbowel

OpenSSH 9.1 vulnerability mass scan and exploit

Reference: GitHub

adhikara13

OpenSSH Pre-Auth Double Free CVE-2023-25136 POC

Reference: GitHub

nhakobyan685

OpenSSH 9.1 vulnerability mass scan and exploit

Reference: GitHub

axylisdead

CVE-2023-25136 POC written by axylisdead

Reference: GitHub

H4K6

OpenSSH 9.1 vulnerability mass scan and exploit

Reference: GitHub

Business1sg00d

Looking into the memory when sshd 9.1p1 aborts due to a double free bug.

Reference: GitHub

malvika-thakur

OpenSSH Pre-Auth Double Free CVE-2023-25136 – Writeup and Proof-of-Concept

Reference: GitHub