PT-2023-1368 · Openssh+5
Mantas Mikulenas · Published 2023-02-02 · Updated 2026-04-09 · CVE-2023-25136
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
OpenSSH version 9.1
Description
The issue is a double-free vulnerability in the handling of options.kex_algorithms in the OpenSSH server. An unauthenticated remote attacker can leverage it in the default configuration to potentially execute arbitrary code. The vulnerability is considered difficult to exploit because of the protective measures in modern memory allocators and the privilege separation and sandboxing implemented in the sshd process.
Recommendations
For OpenSSH version 9.1, update to OpenSSH 9.2 to resolve the issue.
As a temporary workaround, consider restricting access to the options.kex_algorithms handling until a patch is available.
Exploit
Fix
RCE
Double Free
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Freebsd
Openssh
Red Hat