CVE-2021-28041

CWE-415 CWE-416 — Use After Free8 documents8 sources

Severity

7.1HIGH

EPSS

0.2%

top 52.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openbsd Openssh Fedoraproject Fedora Oracle Communications Offline Mediation Controller +1 more

Timeline

PublishedMar 5

Latest updateMay 24

Description

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages4 packages

▶NVDopenbsd/openssh8.2 — 8.5

▶Debianopenssh< 1:8.4p1-5+3

▶NVDoracle/zfs_storage_appliance8.8

▶NVDoracle/communications_offline_mediation_controller12.0.0.3.0

Also affects: Fedora 33, 34

Patches

Patch: github.com ↗Patch: www.openwall.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-gp5m-rxrx-pfrj: ssh-agent in OpenSSH before 8↗2022-05-24

▶

CVEList

CVE-2021-28041: ssh-agent in OpenSSH before 8↗2021-03-05

▶

OSV

CVE-2021-28041: ssh-agent in OpenSSH before 8↗2021-03-05

▶

📋Vendor Advisories

Ubuntu

OpenSSH vulnerability↗2021-03-10

▶

Microsoft

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios such as unconstrained agent-socket access on a legacy operating system or the forwarding of an age↗2021-03-09

▶

Red Hat

openssh: double-free memory corruption may lead to arbitrary code execution↗2021-03-03

▶

Debian

CVE-2021-28041: openssh - ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few ...↗2021

▶