ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
ssh-agent en OpenSSH versiones anteriores a 8.5, presenta una doble liberación que puede ser relevante en algunos escenarios menos comunes, como el acceso sin restricciones al socket del agente en un sistema operativo heredado o el reenvío de un agente a un host controlado por el atacante
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | HIGH |
| Privileges Required | LOW |
| User Interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |
AV:N/AC:H/Au:S/C:P/I:P/A:P
| Access Vector | NETWORK |
|---|---|
| Access Complexity | HIGH |
| Authentication | SINGLE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | PARTIAL |
| Availability Impact | PARTIAL |
| Source | Type | Description |
|---|---|---|
| [email protected] | Primary |
en
CWE-415
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| openbsd | openssh | * | <built-in method update of dict object at 0x72a9cd0c0440> | Application |
| fedoraproject | fedora | 33 | <built-in method update of dict object at 0x72a9cc60e4c0> | Operating System |
| fedoraproject | fedora | 34 | <built-in method update of dict object at 0x72a9cd07bb00> | Operating System |
| netapp | cloud_backup | - | <built-in method update of dict object at 0x72a9cd0c02c0> | Application |
| netapp | hci_management_node | - | <built-in method update of dict object at 0x72a9cd0c10c0> | Application |
| netapp | solidfire | - | <built-in method update of dict object at 0x72a9cd0c2bc0> | Application |
| netapp | hci_compute_node_firmware | - | <built-in method update of dict object at 0x72a9cd07a0c0> | Operating System |
| netapp | hci_storage_node_firmware | - | <built-in method update of dict object at 0x72a9cd079640> | Operating System |
| oracle | communications_offline_mediation_controller | 12.0.0.3.0 | <built-in method update of dict object at 0x72a9cd0c0bc0> | Application |
| oracle | zfs_storage_appliance | 8.8 | <built-in method update of dict object at 0x72a9cd0c1600> | Operating System |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:netapp:hci_storage_node_firmware:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:oracle:zfs_storage_appliance:8.8:*:*:*:*:*:*:* |