CVE-2021-28041
Published: 5 March 2021
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
Notes
Author | Note |
---|---|
seth-arnold | openssh-ssh1 is provided for compatibility with old devices that cannot be upgraded to modern protocols. Thus we may not provide security support for this package if doing so would prevent access to equipment. |
Priority
Status
Package | Release | Status |
---|---|---|
openssh Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
bionic |
Not vulnerable
(code not present)
|
|
trusty |
Not vulnerable
(code not present)
|
|
xenial |
Not vulnerable
(code not present)
|
|
focal |
Released
(1:8.2p1-4ubuntu0.2)
|
|
groovy |
Released
(1:8.3p1-1ubuntu0.1)
|
|
Patches: upstream: https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db |
||
openssh-ssh1 Launchpad, Ubuntu, Debian |
upstream |
Ignored
(frozen on openssh 7.5p)
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
bionic |
Not vulnerable
(code not present)
|
|
focal |
Not vulnerable
(code not present)
|
|
groovy |
Not vulnerable
(code not present)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.1 |
Attack vector | Network |
Attack complexity | High |
Privileges required | Low |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |