Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2021-28041

Published: 5 March 2021

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.

Notes

AuthorNote
seth-arnold
openssh-ssh1 is provided for compatibility with old devices that
cannot be upgraded to modern protocols. Thus we may not provide security
support for this package if doing so would prevent access to equipment.

Priority

Medium

Cvss 3 Severity Score

7.1

Score breakdown

Status

Package Release Status
openssh
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal
Released (1:8.2p1-4ubuntu0.2)
groovy
Released (1:8.3p1-1ubuntu0.1)
precise Not vulnerable
(code not present)
trusty Not vulnerable
(code not present)
upstream Needs triage

xenial Not vulnerable
(code not present)
Patches:
upstream: https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db
openssh-ssh1
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal Not vulnerable
(code not present)
groovy Not vulnerable
(code not present)
precise Does not exist

trusty Does not exist

upstream Ignored
(frozen on openssh 7.5p)
xenial Does not exist

Severity score breakdown

Parameter Value
Base score 7.1
Attack vector Network
Attack complexity High
Privileges required Low
User interaction Required
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H