CVE Vulnerabilities

CVE-2021-28041

Double Free

Published: Mar 05, 2021 | Modified: Nov 21, 2024
CVSS 3.x
7.1
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
4.6 MEDIUM
AV:N/AC:H/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
7.1 MODERATE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Ubuntu
MEDIUM

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.

Weakness

The product calls free() twice on the same memory address.

Affected Software

Name Vendor Start Version End Version
Openssh Openbsd 8.2 (including) 8.5 (excluding)
Openssh Ubuntu devel *
Openssh Ubuntu esm-infra/focal *
Openssh Ubuntu focal *
Openssh Ubuntu groovy *
Openssh Ubuntu trusty *
Openssh-ssh1 Ubuntu upstream *

Potential Mitigations

References