CVE-2021-28041

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-28041
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-28041.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-28041
Downstream
Related
Published
2021-03-05T21:15:13Z
Modified
2025-10-15T12:46:34.020672Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.

References

Affected packages

Git / github.com/openssh/openssh-portable

Affected ranges

Type
GIT
Repo
https://github.com/openssh/openssh-portable
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
e04fd6dde16de1cdc5a4d9946397ff60d96568db

Affected versions

Other

ABOUT_TO_ADD_INET_ATON
AFTER_FREEBSD_PAM_MERGE
AFTER_KRB5_GSSAPI_MERGE
BEFORE_FREEBSD_PAM_MERGE
BEFORE_KRB5_GSSAPI_MERGE
POST_KRB4_REMOVAL
PRE-REORDER
PRE_CYGWIN_MERGE
PRE_DAN_PATCH_MERGE
PRE_FIXPATHS_INTEGRATION
PRE_HPUX_INTEGRATION
PRE_IPV6
PRE_KRB4_REMOVAL
PRE_NEW_LOGIN_CODE
PRE_SW_KRBV
V_1_2PRE17
V_1_2_1_PRE18
V_1_2_1_PRE19
V_1_2_1_PRE20
V_1_2_1_PRE21
V_1_2_1_PRE22
V_1_2_1_PRE23
V_1_2_1_PRE24
V_1_2_1_PRE25
V_1_2_1_PRE26
V_1_2_1_PRE27
V_1_2_2
V_1_2_2_P1
V_1_2_2_PRE28
V_1_2_2_PRE29
V_1_2_3
V_1_2_3_PRE1
V_1_2_3_PRE2
V_1_2_3_PRE3
V_1_2_3_PRE4
V_1_2_3_PRE5
V_1_2_3_TEST1
V_1_2_3_TEST2
V_1_2_3_TEST3
V_1_2_PRE10
V_1_2_PRE11
V_1_2_PRE12
V_1_2_PRE13
V_1_2_PRE14
V_1_2_PRE15
V_1_2_PRE16
V_1_2_PRE4
V_1_2_PRE5
V_1_2_PRE6
V_1_2_PRE7
V_1_2_PRE8
V_1_2_PRE9
V_2_0_0_BETA1
V_2_0_0_BETA2
V_2_0_0_TEST1
V_2_1_0
V_2_1_0_P1
V_2_1_0_P2
V_2_1_0_P3
V_2_1_1_P1
V_2_1_1_P2
V_2_1_1_P3
V_2_1_1_P4
V_2_2_0_P1
V_2_3_0_P1
V_2_5_0_P1
V_2_5_1_P1
V_2_5_1_P2
V_2_5_2_P1
V_3_0_1_P1
V_3_0_P1
V_3_1_P1
V_3_2_2_P1
V_3_4_P1
V_3_6_1_P1
V_3_8_P1
V_3_9_P1
V_4_2_P1
V_5_0_P1
V_5_1_P1
V_5_2_P1
V_5_5_P1
V_5_7_P1
V_6_0_P1
V_6_1_P1
V_6_2_P1
V_6_5_P1
V_6_6_P1
V_6_8_P1
V_6_9_P1
V_7_0_P1
V_7_1_P1
V_7_2_P1
V_7_3_P1
V_7_4_P1
V_7_5_P1
V_7_6_P1
V_7_7_P1
V_7_8_P1
V_7_9_P1
V_8_0_P1
V_8_1_P1
V_8_2_P1
V_8_4_P1

Database specific

vanir_signatures

[
    {
        "id": "CVE-2021-28041-54d2e7a4",
        "deprecated": false,
        "digest": {
            "length": 1924.0,
            "function_hash": "173721609678640022569229149022258778798"
        },
        "target": {
            "file": "ssh-agent.c",
            "function": "parse_key_constraints"
        },
        "source": "https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db",
        "signature_type": "Function",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2021-28041-cc2d2809",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "324971150381275214664383765392462492057",
                "35905711137950555800092955147616975381",
                "280800082751440415410409700843773412685",
                "318550751993613194314048368639682994639",
                "23868655624994298100487727056333202425",
                "244436830645919759774327638059848338439",
                "138698284080572836105280785656899991409",
                "9033034855088479321430157709782700466",
                "22142238223153571879023637285005129557",
                "315858932437975382361183511281580444358",
                "130557074698110042526433579895989775636",
                "7204549947729823870957182181547536953",
                "12905892664167437594451645232613297006",
                "251529289733491831195606371359111162841",
                "177830966528718040299332634458005032145",
                "300704592333704606881024397315264096894",
                "68152159178091995237554110289214196491",
                "42494124541627447269898043180593590915",
                "320556485030812218659014383741631871437",
                "45773691422799354331400538358277572791",
                "335506426304232459784018911527655716968",
                "27372044304831879860737029270393640383",
                "11763002217097802034849258435513820168",
                "179353741159705671161838348933242658738",
                "132689354122742414813436913087274689603",
                "276709306755959814709495100166592554722",
                "201316834310946316723168081310699223421",
                "31057859855805322736544100297993687144",
                "67458982881632147371297786351558915464",
                "210119245347920818543600782909998763594",
                "298580235221410405037933958555305990514",
                "230867662602832817172801273969801275237",
                "257317866508291513551827951352472141289",
                "156807975548369884606722121595578079334",
                "217533324983926179349196893136226159663",
                "228052322752471493904247006065340830411",
                "19343026518483286429571420720135249122",
                "52740631499272546572241872874122645700",
                "293545585449308818808614482901873786474",
                "213973480703754722932643826614376146315",
                "205809471667994677532772237759843236565",
                "185771526080875152586087482394292594138",
                "68582630296210109857337873522774019276",
                "317829200174240480595834472274198551587",
                "25969414358095763520215986723486496854",
                "305057446643197618251565596522664715218",
                "220799416411745608988007735748224964625",
                "3737787432264992221489305885454501991",
                "5987319637948977260788526897195828862",
                "295351319855857503779798914695957240442",
                "182628650296767461325031325004207257089",
                "5567271653036731993773606933928643760",
                "281936189076271707487423718223517656085",
                "252971503687169575314980099775864002377",
                "312662942297556533828555981998666086405",
                "320188348619438627560905104538012183513",
                "46318002341445417061280095446445292710",
                "228488892499046990093112581310345343536",
                "266224181901350862297255464861723612262",
                "139876278825664430322184869733137169697",
                "75254383951828371494544163797067708531",
                "105137070746241836500261971050361345422",
                "27021730741084737657888832983194732839",
                "329775737164426552044250829181369536038",
                "291980543041481269177220703457798473613",
                "335550709427082525744292039239532841257",
                "197956281668168479602287881718216497682",
                "275305622603090741574960876279052419595",
                "142801784165815353799613356095685606474",
                "112652594150436027541652195151470919916",
                "175896571450895747164708549567741093168",
                "39725264024330242304658532467622498290",
                "62229998599115727890169580349558021065",
                "261950695957889776154455739945391283946",
                "38473914387751692624208705528354576224",
                "205494285796625171649268972624455690184",
                "24906064940423552919215091837724729278",
                "37315012930265623375129898211640829232",
                "461858003746993622093163016771701652",
                "154218190964193173632405916855073315430",
                "274369461503223323845070479388222163445",
                "267868390585593816517915983992887850017",
                "320442894666120266923014174087720628845",
                "278189631706181824681136260371129073784"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "ssh-agent.c"
        },
        "source": "https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db",
        "signature_type": "Line",
        "signature_version": "v1"
    }
]