{
  "threat_severity" : "Moderate",
  "public_date" : "2023-02-03T00:00:00Z",
  "bugzilla" : {
    "description" : "openssh: the functions order_hostkeyalgs() and list_hostkey_types() leads to double-free vulnerability",
    "id" : "2167636",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2167636"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-401",
  "details" : [ "OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states \"remote code execution is theoretically possible.\"", "A flaw was found in the OpenSSH server (sshd), which introduced a double-free vulnerability during options.kex_algorithms handling. An unauthenticated attacker can trigger the double-free in the default configuration." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2645",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "openssh-0:8.7p1-29.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2645",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "openssh-0:8.7p1-29.el9_2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "openssh",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "openssh",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "openssh",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-25136\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-25136\nhttps://bugzilla.mindrot.org/show_bug.cgi?id=3522\nhttps://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig\nhttps://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946\nhttps://www.openwall.com/lists/oss-security/2023/02/02/2" ],
  "name" : "CVE-2023-25136",
  "csaw" : false
}