DEBIAN-CVE-2023-25136

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2023-25136

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-25136.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-25136

Upstream

CVE-2023-25136

Published

2023-02-03T06:15:09Z

Modified

2025-09-25T22:40:44Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H CVSS Calculator

Summary

[none]

Details

OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."

References

https://security-tracker.debian.org/tracker/CVE-2023-25136

Affected packages

Debian:12 / openssh

Package

Name: openssh
Purl: pkg:deb/debian/openssh?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:9.2p1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / openssh

Package

Name: openssh
Purl: pkg:deb/debian/openssh?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:9.2p1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / openssh

Package

Name: openssh
Purl: pkg:deb/debian/openssh?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:9.2p1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}