CVE-2023-25136

Source
Severity: Unknown
Remote: Yes
Type: Unknown
Description
Pre-authentication double-free in the unprivileged, sandboxed client process when the connecting client's banner causes SSH_OLD_DHGEX to be set on the server.
Group     Package  Affected  Fixed    Severity  Status  Ticket
AVG-2832  openssh  9.1p1-3   9.2p1-1  Unknown   Fixed
References
https://www.openwall.com/lists/oss-security/2023/02/02/2
https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946
https://bugzilla.mindrot.org/show_bug.cgi?id=3522
Notes
Introduced in 9.1; actual exploitability is still being investigated.