QwikSec

Security Database

CVE

CWE

Training

CVE-2023-25136

Published: Feb 3, 2023

Modified: May 28, 2026

PUBLISHED

Description

OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig

https://www.openwall.com/lists/oss-security/2023/02/02/2

https://bugzilla.mindrot.org/show_bug.cgi?id=3522

https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946

https://jfrog.com/blog/openssh-pre-auth-double-free-cve-2023-25136-writeup-and-proof-of-concept/

https://news.ycombinator.com/item?id=34711565

[oss-security] 20230213 Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136)

mailing-list

[oss-security] 20230222 Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136)

mailing-list

[oss-security] 20230222 Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136)

mailing-list

[oss-security] 20230223 Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136)

mailing-list

[oss-security] 20230306 Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136)

mailing-list

[oss-security] 20230309 Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136)

mailing-list

https://security.netapp.com/advisory/ntap-20230309-0003/

FEDORA-2023-1176c8b10c

vendor-advisory

FEDORA-2023-123647648e

vendor-advisory

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.