CVE-2023-25136 - log

CVE-2023-25136 edited at 27 Feb 2023 22:07:26
Remote
- Unknown
+ Remote
Description
+ pre-authentication double-free in unprivileged sandboxed client process when the connecting client's banner causes the SSH_OLD_DHGEX to be set on the server
References
+ https://www.openwall.com/lists/oss-security/2023/02/02/2
+ https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946
+ https://bugzilla.mindrot.org/show_bug.cgi?id=3522
Notes
+ introduced in 9.1, actual exploitability still being investigated
CVE-2023-25136 created at 27 Feb 2023 21:58:15