Approved changes feed: RSS · Atom

cpe:2.3:a:openbsd:openssh:9.1:*:*:*:*:*:*:*

part: a version: 9.1 update: *

VendorOpenbsd (932cdfc2-94b9-5fb6-8ef3-d0b271f414b5)
ProductOpenssh (00fc4953-faf7-5f04-8d3d-4edd44206199)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2023-25136 vulnerable 2026-06-08 05:56:08.556904 Details available
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."
Published: 2023-02-03T00:00:00.000Z
Updated: 2026-05-28T17:43:14.037Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.