Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2023-25136HistoryFeb 03, 2023 - 6:15 a.m.
CVE-2023-25136
2023-02-0306:15:09
Debian Security Bug Tracker
security-tracker.debian.org
89
0.011 Low
EPSS
Percentile
84.4%
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states “remote code execution is theoretically possible.”
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | openssh | < 1:9.2p1-1 | openssh_1:9.2p1-1_all.deb |
| Debian | 11 | all | openssh | < 1:8.4p1-5+deb11u3 | openssh_1:8.4p1-5+deb11u3_all.deb |
| Debian | 10 | all | openssh | < 1:7.9p1-10+deb10u2 | openssh_1:7.9p1-10+deb10u2_all.deb |
| Debian | 999 | all | openssh | < 1:9.2p1-1 | openssh_1:9.2p1-1_all.deb |
| Debian | 13 | all | openssh | < 1:9.2p1-1 | openssh_1:9.2p1-1_all.deb |
Related
openvas
openvas
Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2023-2479)
2023-07-31 00:00:00
Fedora: Security Advisory for openssh (FEDORA-2023-123647648e)
2023-04-20 00:00:00
Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2023-2454)
2023-07-31 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2127
2023-02-28 10:34:46
nessus
nessus
EulerOS 2.0 SP10 : openssh (EulerOS-SA-2023-1959)
2023-05-18 00:00:00
EulerOS 2.0 SP10 : openssh (EulerOS-SA-2023-1981)
2023-05-18 00:00:00
Fedora 38 : openssh (2023-123647648e)
2023-04-20 00:00:00
prion
prion
Double free
2023-02-03 06:15:00
fedora
fedora
[SECURITY] Fedora 38 Update: openssh-9.0p1-15.fc38
2023-04-19 01:40:35
[SECURITY] Fedora 37 Update: openssh-8.8p1-10.fc37
2023-04-18 01:32:15
githubexploit
githubexploit
Exploit for Double Free in Openbsd Openssh
2023-09-04 19:28:43
Exploit for Double Free in Openbsd Openssh
2023-04-28 19:46:03
Exploit for Double Free in Openbsd Openssh
2023-02-22 19:44:08
redhatcve
redhatcve
CVE-2023-25136
2023-02-07 06:57:18
almalinux
almalinux
Moderate: openssh security update
2023-05-09 00:00:00
f5
f5
K000132929 : OpenSSH vulnerability CVE-2023-25136
2023-03-10 00:00:00
cve
cve
CVE-2023-25136
2023-02-03 06:15:09
osv
osv
Moderate: openssh security update
2023-05-09 00:00:00
CVE-2023-25136
2023-02-03 06:15:09
wolfi
wolfi
CVE-2023-25136 vulnerabilities
2024-06-02 15:23:11
freebsd
freebsd
FreeBSD -- OpenSSH pre-authentication double free
2023-02-16 00:00:00
redhat
redhat
cvelist
cvelist
CVE-2023-25136
2023-02-03 00:00:00
cgr
cgr
CVE-2023-25136 vulnerabilities
2024-05-19 03:07:16
oraclelinux
oraclelinux
openssh security update
2023-05-17 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-25136 affecting package openssh 8.9p1-4
2024-06-02 15:22:43
CVE-2023-25136 affecting package openssh 8.9p1-3
2024-06-02 15:22:39
thn
thn
OpenSSH Releases Patch for New Pre-Auth Double Free Vulnerability
2023-02-06 09:55:00
New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection
2023-07-24 09:10:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-23:02.openssh
2023-02-16 00:00:00
ubuntucve
ubuntucve
CVE-2023-25136
2023-02-03 00:00:00
qualysblog
qualysblog
CVE-2023-25136: Pre-Auth Double Free Vulnerability in OpenSSH Server 9.1
2023-02-03 19:37:22
gentoo
gentoo
OpenSSH: Remote Code Execution
2023-07-20 00:00:00
trellix
trellix
The Bug Report – February 2023 Edition
2023-03-01 00:00:00
The Bug Report – February 2023 Edition
2023-03-01 00:00:00
malwarebytes
malwarebytes
Update now! February's Patch Tuesday tackles three zero-days
2023-02-15 03:00:00
ibm
ibm
oracle
oracle
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00