CVE-2023-25136
Description
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."
Severity: MEDIUM
CVE ID: CVE-2023-25136
CVSS Score: 6.5
CVSS Metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
Proof Of Concept
jfrog
Reference: GitHub
ticofookfook
Reference: GitHub
Christbowel
OpenSSH 9.1 vulnerability mass scan and exploit
Reference: GitHub
adhikara13
OpenSSH Pre-Auth Double Free CVE-2023-25136 POC
Reference: GitHub
nhakobyan685
OpenSSH 9.1 vulnerability mass scan and exploit
Reference: GitHub
axylisdead
CVE-2023-25136 POC written by axylisdead
Reference: GitHub
H4K6
OpenSSH 9.1 vulnerability mass scan and exploit
Reference: GitHub
Business1sg00d
Looking into the memory when sshd 9.1p1 aborts due to a double free bug.
Reference: GitHub
malvika-thakur
OpenSSH Pre-Auth Double Free CVE-2023-25136 – Writeup and Proof-of-Concept
Reference: GitHub