CVE-2021-28041

7.1HIGH

Key Information:

Vendor: OpenBSD
Status: Openssh
Vendor: CVE Published:; 5 March 2021

Summary

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.

References

https://www.openssh.com/security.html

x_refsource_MISC

https://www.openwall.com/lists/oss-security/2021/03/03/1

x_refsource_MISC

https://github.com/openssh/openssh-portable/commit/e04fd6...

x_refsource_MISC

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 5, 2021
Vulnerability Reserved
Mar 5, 2021