Double Free Vulnerability in OpenSSH Affects Legacy Systems and Agent Forwarding
CVE-2021-28041
7.1 HIGH
Summary
A double free vulnerability exists in the ssh-agent component of OpenSSH versions before 8.5. The flaw may be exploitable in specific scenarios, such as unconstrained access to the agent socket on an outdated operating system, or forwarding an agent to a host controlled by an attacker. Exploitation could compromise the integrity and confidentiality of user sessions.
CVSS V3.1
Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved