| Field | Value |
|---|---|
| VID | 14157 |
| Severity | 40 |
| Port | 22 |
| Protocol | TCP |
| Class | SSH |
| Detailed Description | The version of OpenSSH installed on the remote host is 9.1. It is, therefore, affected by a double-free vulnerability during options.kex_algorithms handling. The double free can be triggered by an unauthenticated attacker in the default configuration; however, the vulnerability discoverer reports that 'exploiting this vulnerability will not be easy.' References: https://www.openssh.com/txt/release-9.2 and https://www.openwall.com/lists/oss-security/2023/02/02/2. Platforms Affected: OpenSSH prior to 9.1; Linux, any version; Unix, any version. |
| Recommendation | Upgrade to the latest version of OpenSSH (9.2 or later), available from the OpenSSH Web site at http://www.openssh.org/ |
| Related URL | CVE-2023-25136 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |