Approved changes feed: RSS · Atom
cpe:2.3:a:openbsd:openssh:9.1:*:*:*:*:*:*:*
part: a version: 9.1 update: *
| Vendor | Openbsd (932cdfc2-94b9-5fb6-8ef3-d0b271f414b5) |
|---|---|
| Product | Openssh (00fc4953-faf7-5f04-8d3d-4edd44206199) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-25136 |
vulnerable | 2026-06-08 05:56:08.556904 |
Details available
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."
Published: 2023-02-03T00:00:00.000Z
Updated: 2026-05-28T17:43:14.037Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.