Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2021-28041

Related Vulnerabilities: CVE-2021-28041  

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.

Source

Description

The MITRE CVE dictionary describes this issue as:

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.

Statement

This issue doesn't affected any versions of the openssh packaged as shipped with Red Hat Enterprise Linux 6, 7 and 8. The issues was introduced in openssh 8.2 whilst the most recent openssh version available for Red Hat Enterprise Linux 8 is based on openssh 8.0.

This issue doesn't affected any versions of the openssh packaged as shipped with Red Hat Enterprise Linux 6, 7 and 8. The issues was introduced in openssh 8.2 whilst the most recent openssh version available for Red Hat Enterprise Linux 8 is based on openssh 8.0.

Additional Information

  • Bugzilla 1935055: CVE-2021-28041 openssh: double-free memory corruption may lead to arbitrary code execution
  • CWE-416: Use After Free
  • FAQ: Frequently asked questions about CVE-2021-28041

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started