CVE Vulnerabilities

CVE-2021-28041

Double Free

Published: Mar 05, 2021 | Modified: Nov 07, 2023
CVSS 3.x
7.1
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
4.6 MEDIUM
AV:N/AC:H/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.

Weakness

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Affected Software

Name Vendor Start Version End Version
Openssh Openbsd 8.2 *

Potential Mitigations

References