Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-25136

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-03 Feb, 2023 | 00:00
Updated At-02 Aug, 2024 | 11:18
Rejected At-
Credits

OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:03 Feb, 2023 | 00:00
Updated At:02 Aug, 2024 | 11:18
Rejected At:
▼CVE Numbering Authority (CNA)

OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig
N/A
https://www.openwall.com/lists/oss-security/2023/02/02/2
N/A
https://bugzilla.mindrot.org/show_bug.cgi?id=3522
N/A
https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946
N/A
https://jfrog.com/blog/openssh-pre-auth-double-free-cve-2023-25136-writeup-and-proof-of-concept/
N/A
https://news.ycombinator.com/item?id=34711565
N/A
http://www.openwall.com/lists/oss-security/2023/02/13/1
mailing-list
http://www.openwall.com/lists/oss-security/2023/02/22/1
mailing-list
http://www.openwall.com/lists/oss-security/2023/02/22/2
mailing-list
http://www.openwall.com/lists/oss-security/2023/02/23/3
mailing-list
http://www.openwall.com/lists/oss-security/2023/03/06/1
mailing-list
http://www.openwall.com/lists/oss-security/2023/03/09/2
mailing-list
https://security.netapp.com/advisory/ntap-20230309-0003/
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7LKQDFZWKYHQ65TBSH2X2HJQ4V2THS3/
vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JGAUIXJ3TEKCRKVWFQ6GDAGQFTIIGQQP/
vendor-advisory
https://security.gentoo.org/glsa/202307-01
vendor-advisory
Hyperlink: https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig
Resource: N/A
Hyperlink: https://www.openwall.com/lists/oss-security/2023/02/02/2
Resource: N/A
Hyperlink: https://bugzilla.mindrot.org/show_bug.cgi?id=3522
Resource: N/A
Hyperlink: https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946
Resource: N/A
Hyperlink: https://jfrog.com/blog/openssh-pre-auth-double-free-cve-2023-25136-writeup-and-proof-of-concept/
Resource: N/A
Hyperlink: https://news.ycombinator.com/item?id=34711565
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2023/02/13/1
Resource:
mailing-list
Hyperlink: http://www.openwall.com/lists/oss-security/2023/02/22/1
Resource:
mailing-list
Hyperlink: http://www.openwall.com/lists/oss-security/2023/02/22/2
Resource:
mailing-list
Hyperlink: http://www.openwall.com/lists/oss-security/2023/02/23/3
Resource:
mailing-list
Hyperlink: http://www.openwall.com/lists/oss-security/2023/03/06/1
Resource:
mailing-list
Hyperlink: http://www.openwall.com/lists/oss-security/2023/03/09/2
Resource:
mailing-list
Hyperlink: https://security.netapp.com/advisory/ntap-20230309-0003/
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7LKQDFZWKYHQ65TBSH2X2HJQ4V2THS3/
Resource:
vendor-advisory
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JGAUIXJ3TEKCRKVWFQ6GDAGQFTIIGQQP/
Resource:
vendor-advisory
Hyperlink: https://security.gentoo.org/glsa/202307-01
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig
x_transferred
https://www.openwall.com/lists/oss-security/2023/02/02/2
x_transferred
https://bugzilla.mindrot.org/show_bug.cgi?id=3522
x_transferred
https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946
x_transferred
https://jfrog.com/blog/openssh-pre-auth-double-free-cve-2023-25136-writeup-and-proof-of-concept/
x_transferred
https://news.ycombinator.com/item?id=34711565
x_transferred
http://www.openwall.com/lists/oss-security/2023/02/13/1
mailing-list
x_transferred
http://www.openwall.com/lists/oss-security/2023/02/22/1
mailing-list
x_transferred
http://www.openwall.com/lists/oss-security/2023/02/22/2
mailing-list
x_transferred
http://www.openwall.com/lists/oss-security/2023/02/23/3
mailing-list
x_transferred
http://www.openwall.com/lists/oss-security/2023/03/06/1
mailing-list
x_transferred
http://www.openwall.com/lists/oss-security/2023/03/09/2
mailing-list
x_transferred
https://security.netapp.com/advisory/ntap-20230309-0003/
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7LKQDFZWKYHQ65TBSH2X2HJQ4V2THS3/
vendor-advisory
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JGAUIXJ3TEKCRKVWFQ6GDAGQFTIIGQQP/
vendor-advisory
x_transferred
https://security.gentoo.org/glsa/202307-01
vendor-advisory
x_transferred
Hyperlink: https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig
Resource:
x_transferred
Hyperlink: https://www.openwall.com/lists/oss-security/2023/02/02/2
Resource:
x_transferred
Hyperlink: https://bugzilla.mindrot.org/show_bug.cgi?id=3522
Resource:
x_transferred
Hyperlink: https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946
Resource:
x_transferred
Hyperlink: https://jfrog.com/blog/openssh-pre-auth-double-free-cve-2023-25136-writeup-and-proof-of-concept/
Resource:
x_transferred
Hyperlink: https://news.ycombinator.com/item?id=34711565
Resource:
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2023/02/13/1
Resource:
mailing-list
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2023/02/22/1
Resource:
mailing-list
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2023/02/22/2
Resource:
mailing-list
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2023/02/23/3
Resource:
mailing-list
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2023/03/06/1
Resource:
mailing-list
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2023/03/09/2
Resource:
mailing-list
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20230309-0003/
Resource:
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7LKQDFZWKYHQ65TBSH2X2HJQ4V2THS3/
Resource:
vendor-advisory
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JGAUIXJ3TEKCRKVWFQ6GDAGQFTIIGQQP/
Resource:
vendor-advisory
x_transferred
Hyperlink: https://security.gentoo.org/glsa/202307-01
Resource:
vendor-advisory
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:03 Feb, 2023 | 06:15
Updated At:27 Feb, 2024 | 15:15

OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
CPE Matches
OpenBSD
openbsd
>>openssh>>9.1
cpe:2.3:a:openbsd:openssh:9.1:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>37
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>38
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>ontap_select_deploy_administration_utility>>-
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>a250_firmware>>-
cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>a250>>-
cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>500f_firmware>>-
cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>500f>>-
cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>c250_firmware>>-
cpe:2.3:o:netapp:c250_firmware:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>c250>>-
cpe:2.3:h:netapp:c250:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-415Primarynvd@nist.gov
CWE ID: CWE-415
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.openwall.com/lists/oss-security/2023/02/13/1cve@mitre.org
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/02/22/1cve@mitre.org
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/02/22/2cve@mitre.org
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/02/23/3cve@mitre.org
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/03/06/1cve@mitre.org
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/03/09/2cve@mitre.org
Mailing List
Third Party Advisory
https://bugzilla.mindrot.org/show_bug.cgi?id=3522cve@mitre.org
Exploit
Issue Tracking
Third Party Advisory
https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sigcve@mitre.org
Patch
Vendor Advisory
https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946cve@mitre.org
Patch
Third Party Advisory
https://jfrog.com/blog/openssh-pre-auth-double-free-cve-2023-25136-writeup-and-proof-of-concept/cve@mitre.org
Exploit
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JGAUIXJ3TEKCRKVWFQ6GDAGQFTIIGQQP/cve@mitre.org
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7LKQDFZWKYHQ65TBSH2X2HJQ4V2THS3/cve@mitre.org
N/A
https://news.ycombinator.com/item?id=34711565cve@mitre.org
Issue Tracking
Third Party Advisory
https://security.gentoo.org/glsa/202307-01cve@mitre.org
Third Party Advisory
https://security.netapp.com/advisory/ntap-20230309-0003/cve@mitre.org
Third Party Advisory
https://www.openwall.com/lists/oss-security/2023/02/02/2cve@mitre.org
Exploit
Mailing List
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2023/02/13/1
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2023/02/22/1
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2023/02/22/2
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2023/02/23/3
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2023/03/06/1
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2023/03/09/2
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://bugzilla.mindrot.org/show_bug.cgi?id=3522
Source: cve@mitre.org
Resource:
Exploit
Issue Tracking
Third Party Advisory
Hyperlink: https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory
Hyperlink: https://jfrog.com/blog/openssh-pre-auth-double-free-cve-2023-25136-writeup-and-proof-of-concept/
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JGAUIXJ3TEKCRKVWFQ6GDAGQFTIIGQQP/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7LKQDFZWKYHQ65TBSH2X2HJQ4V2THS3/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://news.ycombinator.com/item?id=34711565
Source: cve@mitre.org
Resource:
Issue Tracking
Third Party Advisory
Hyperlink: https://security.gentoo.org/glsa/202307-01
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20230309-0003/
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://www.openwall.com/lists/oss-security/2023/02/02/2
Source: cve@mitre.org
Resource:
Exploit
Mailing List
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

59Records found
CVE-2022-28390
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.15%
||
7 Day CHG~0.00%
Published-03 Apr, 2022 | 20:07
Updated-21 Nov, 2024 | 06:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.

Action-Not Available
Vendor-n/aFedora ProjectDebian GNU/LinuxNetApp, Inc.Linux Kernel Organization, Inc
Product-fedoradebian_linuxlinux_kernelhci_baseboard_management_controllern/a
CWE ID-CWE-415
Double Free
CVE-2022-2509
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.91% / 75.36%
||
7 Day CHG~0.00%
Published-01 Aug, 2022 | 14:01
Updated-02 Dec, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.

Action-Not Available
Vendor-n/aGNUFedora ProjectRed Hat, Inc.Debian GNU/Linux
Product-debian_linuxgnutlsenterprise_linuxfedoraGnuTLS
CWE ID-CWE-415
Double Free
CVE-2017-9078
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-5.16% / 89.65%
||
7 Day CHG~0.00%
Published-19 May, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled.

Action-Not Available
Vendor-dropbear_ssh_projectn/aDebian GNU/LinuxNetApp, Inc.
Product-h410c_firmwareh410cdebian_linuxdropbear_sshn/a
CWE ID-CWE-415
Double Free
CVE-2018-17825
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.48% / 64.51%
||
7 Day CHG~0.00%
Published-01 Oct, 2018 | 08:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in AdPlug 2.3.1. There are several double-free vulnerabilities in the CEmuopl class in emuopl.cpp because of a destructor's two OPLDestroy calls, each of which frees TL_TABLE, SIN_TABLE, AMS_TABLE, and VIB_TABLE.

Action-Not Available
Vendor-adplug_projectn/aFedora Project
Product-adplugfedoran/a
CWE ID-CWE-415
Double Free
CVE-2017-6362
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.14% / 83.87%
||
7 Day CHG~0.00%
Published-07 Sep, 2017 | 13:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors.

Action-Not Available
Vendor-libgdn/aDebian GNU/LinuxCanonical Ltd.Fedora Project
Product-ubuntu_linuxlibgddebian_linuxfedoran/a
CWE ID-CWE-415
Double Free
CVE-2022-31117
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.17% / 38.59%
||
7 Day CHG~0.00%
Published-05 Jul, 2022 | 17:30
Updated-23 Apr, 2025 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Double free of buffer during string decoding in ujson

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python. This issue has been resolved in version 5.4.0 and all users should upgrade to UltraJSON 5.4.0. There are no known workarounds for this issue.

Action-Not Available
Vendor-ultrajson_projectultrajsonFedora Project
Product-ultrajsonfedoraultrajson
CWE ID-CWE-415
Double Free
CVE-2023-27320
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.18% / 39.64%
||
7 Day CHG~0.00%
Published-28 Feb, 2023 | 00:00
Updated-21 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sudo before 1.9.13p2 has a double free in the per-command chroot feature.

Action-Not Available
Vendor-sudo_projectn/aFedora Project
Product-sudofedoran/a
CWE ID-CWE-415
Double Free
CVE-2021-28041
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.24% / 46.70%
||
7 Day CHG~0.00%
Published-05 Mar, 2021 | 19:07
Updated-03 Aug, 2024 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.

Action-Not Available
Vendor-n/aOpenBSDNetApp, Inc.Fedora ProjectOracle Corporation
Product-zfs_storage_appliancehci_storage_nodecloud_backuphci_management_nodehci_storage_node_firmwarefedoraopensshcommunications_offline_mediation_controllerhci_compute_node_firmwarehci_compute_nodesolidfiren/a
CWE ID-CWE-415
Double Free
CVE-2025-32988
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.24%
||
7 Day CHG-0.01%
Published-10 Jul, 2025 | 08:04
Updated-22 Jan, 2026 | 00:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gnutls: vulnerability in gnutls othername san export

A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.

Action-Not Available
Vendor-GNURed Hat, Inc.
Product-gnutlsenterprise_linuxopenshift_container_platformRed Hat Ceph Storage 7Red Hat Insights proxy 1.5Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 6Red Hat OpenShift Container Platform 4Red Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 10Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat Discovery 2
CWE ID-CWE-415
Double Free
  • Previous
  • 1
  • 2
  • Next
Details not found