VDB
CVE-2023-25136
CVE-2023-25136
PUBLISHED
CVSS 8.699999809265137 HIGH
Es gibt eine "double-free"-Schwachstelle in OpenSSH, die während der Behandlung von "options.kex_algorithms" auftritt. Ein entfernter, anonymer Angreifer kann dies ausnutzen, um möglicherweise beliebigen Code im Kontext des Service-Daemons auszuführen.
EPSS 88.33% · 99.5th percentile
Risk Scores
CVSS 4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
88.33%
99.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat OpenShift Container Platform 4.12 | |
| Red Hat | Red Hat OpenShift Data Foundation <4.12.10 | |
| Gentoo | Gentoo Linux | |
| Red Hat | Red Hat OpenShift Container Platform <4.14.0 | |
| Fujitsu | Fujitsu Primergy | |
| Red Hat | Red Hat Enterprise Linux | |
| Meinberg | Meinberg LANTIME <7.08.007 | |
| Red Hat | Red Hat OpenShift Data Foundation <4.13.0 | |
| Oracle | Oracle Linux | |
| Atlassian | Atlassian Bitbucket <9.4.13 (LTS) | |
| NetApp | NetApp FAS | |
| NetApp | NetApp AFF | |
| Red Hat | Red Hat OpenShift Container Platform <4.12.22 | |
| Atlassian | Atlassian Bitbucket <10.0.2 | |
| Atlassian | Atlassian Bitbucket <8.19.25 (LTS) | |
| Red Hat | Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4 | |
| Red Hat | Red Hat OpenShift Container Platform <4.13.4 | |
| Fedora | Fedora Linux | |
| Red Hat | Red Hat OpenShift | |
| Red Hat | Red Hat OpenShift Container Platform <4.11.44 |
…and 5 more
Exploit Intelligence
- This vulnerability is of the "double-free" type, which occurs during the processing of key exchange (KEX) algorithms in OpenSSH. A "double-free" vulnerability happens when memory that has already been freed is freed again. This issue can indirectly lead to remote code execution (RCE) by an attacker. (github-poc-repo)
- This vulnerability is of the "double-free" type, which occurs during the processing of key exchange (KEX) algorithms in OpenSSH. A "double-free" vulnerability happens when memory that has already been freed is freed again. This issue can indirectly lead to remote code execution (RCE) by an attacker. (github-poc-repo)
- This vulnerability is of the "double-free" type, which occurs during the processing of key exchange (KEX) algorithms in OpenSSH. A "double-free" vulnerability happens when memory that has already been freed is freed again. This issue can indirectly lead to remote code execution (RCE) by an attacker. (github-poc-repo)
- This vulnerability is of the "double-free" type, which occurs during the processing of key exchange (KEX) algorithms in OpenSSH. A "double-free" vulnerability happens when memory that has already been freed is freed again. This issue can indirectly lead to remote code execution (RCE) by an attacker. (github-poc-repo)
- This vulnerability is of the "double-free" type, which occurs during the processing of key exchange (KEX) algorithms in OpenSSH. A "double-free" vulnerability happens when memory that has already been freed is freed again. This issue can indirectly lead to remote code execution (RCE) by an attacker. (github-poc-repo)
- This vulnerability is of the "double-free" type, which occurs during the processing of key exchange (KEX) algorithms in OpenSSH. A "double-free" vulnerability happens when memory that has already been freed is freed again. This issue can indirectly lead to remote code execution (RCE) by an attacker. (github-poc-repo)
- This vulnerability is of the "double-free" type, which occurs during the processing of key exchange (KEX) algorithms in OpenSSH. A "double-free" vulnerability happens when memory that has already been freed is freed again. This issue can indirectly lead to remote code execution (RCE) by an attacker. (github-poc-repo)
- This vulnerability is of the "double-free" type, which occurs during the processing of key exchange (KEX) algorithms in OpenSSH. A "double-free" vulnerability happens when memory that has already been freed is freed again. This issue can indirectly lead to remote code execution (RCE) by an attacker. (github-poc-repo)
- Lane0218/CVE-2023-25136-PoC (github-poc-repo)
- Lane0218/CVE-2023-25136-PoC (github-poc-repo)
…and 123 more exploits
Timeline
- Feb 2, 2023 CVE Published
- Feb 3, 2023 EPSS Score
- Feb 9, 2023 EPSS Score
- Feb 10, 2023 EPSS Score
- Feb 23, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 15, 2023 EPSS Score
- Apr 24, 2023 EPSS Score
- May 8, 2023 EPSS Score
- Jul 8, 2023 EPSS Score
- Jul 22, 2023 EPSS Score
- Aug 22, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0279.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0279 advisory
- https://security.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSIRT-IS-2023-032200-Security-Notice.pdf advisory
- https://security.gentoo.org/glsa/202307-01 advisory
- https://oss.oracle.com/pipermail/el-errata/2023-May/013978.html advisory
- https://access.redhat.com/errata/RHSA-2023:2645 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2023-1176c8b10c advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2023-123647648e advisory
- https://security.netapp.com/advisory/ntap-20230309-0003/ advisory
- https://www.openssh.com/releasenotes.html advisory
- https://www.openbsd.org/errata72.html advisory
- https://security.FreeBSD.org/advisories/FreeBSD-SA-23:02.openssh.asc advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1542.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1542 advisory
- https://access.redhat.com/errata/RHSA-2023:3742 advisory
- https://access.redhat.com/errata/RHSA-2023:3614 advisory
- https://access.redhat.com/errata/RHSA-2023:3615 advisory
- https://access.redhat.com/errata/RHSA-2023:3613 advisory
- https://access.redhat.com/errata/RHSA-2023:3918 advisory
- https://access.redhat.com/errata/RHSA-2023:3943 advisory
…and 45 more