VDB

ALPINE-CVE-2021-28041

ALPINE-CVE-2021-28041 PUBLISHED CVSS 7.099999904632568 HIGH

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.

Risk Scores

CVSS 3.1
7.099999904632568
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Alpine:v3.15openssh0, 5.1_p1-r1, 5.1_p1-r2
Alpine:v3.16openssh5.1_p1-r2, 8.2, 8.4
Alpine:v3.24openssh8.2
Alpine:v3.21openssh5.1_p1-r2, 5.2_p1-r0, 5.2_p1-r2
Alpine:v3.23openssh5.1_p1-r1, 0, 8.2
Alpine:v3.14openssh8.2, 0, 5.1_p1-r1
Alpine:v3.12openssh6.8_p1-r1, 6.8_p1-r2, 6.9_p1-r0
Alpine:v3.19openssh7.2, 7.2, 7.3
Alpine:v3.22openssh5.9_p1-r2, 5.1_p1-r2, 5.2_p1-r0
Alpine:v3.20openssh0, 6.8_p1-r1, 6.9_p1-r1
Alpine:v3.18openssh6.9_p1-r4, 7.1_p1-r0, 7.1_p2-r0
Alpine:v3.17openssh*, *, *
Alpine:v3.13openssh6.9_p1-r1, 5.1_p1-r1, 5.1p1-r0

Timeline

  • Mar 5, 2021 CVE Published
  • Apr 30, 2026 Distribution Patch
  • Jul 8, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›