FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- OpenSSH pre-authentication double free

Affected packages
12.4 <= FreeBSD < 12.4_2

Details

VuXML ID: 09b7cd39-47bd-11ee-8e38-002590c1f29c
Discovery: 2023-02-16
Entry: 2023-08-31

Problem Description:

A flaw in the backwards-compatibility key exchange route allows a pointer to be freed twice.

Impact:

A remote, unauthenticated attacker may be able to cause a denial of service or, possibly, achieve remote code execution.

Note that FreeBSD 12.3 and FreeBSD 13.1 include older versions of OpenSSH, and are not affected. FreeBSD 13.2-BETA1 and later include the fix.
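The affected range listed above can be checked against the string that `freebsd-version -u` prints. This is an added example, not part of the VuXML entry or the FreeBSD advisory: the function name `in_affected_range` and the sample version strings are constructed, and it assumes that the `_2` in `12.4_2` corresponds to patch level `-p2`.

```shell
#!/bin/sh
# Added example: test a FreeBSD userland version string against the range
# given in this entry, 12.4 <= FreeBSD < 12.4_2.
# Assumption: "12.4_2" in the entry corresponds to "12.4-RELEASE-p2".

# in_affected_range VERSION
#   returns 0 if VERSION is inside the range, 1 if outside,
#   2 if it cannot be decided from the string (unparsable, or a 12.4
#   string that is not -RELEASE / -RELEASE-pN).
in_affected_range() {
    ver=$1
    rel=${ver%%-*}                      # "12.4-RELEASE-p1" -> "12.4"
    case "$rel" in
        *.*) major=${rel%%.*}; minor=${rel#*.} ;;
        *)   return 2 ;;
    esac
    [ -n "$major" ] && [ -n "$minor" ] || return 2
    case "$major$minor" in *[!0-9]*) return 2 ;; esac

    # Every branch other than 12.4 lies outside the range.
    if [ "$major" -ne 12 ] || [ "$minor" -ne 4 ]; then return 1; fi

    case "$ver" in
        12.4-RELEASE)    pl=0 ;;
        12.4-RELEASE-p*) pl=${ver##*-p} ;;   # patch level after "-p"
        *)               return 2 ;;
    esac
    case "$pl" in ''|*[!0-9]*) return 2 ;; esac
    [ "$pl" -lt 2 ]                     # inside the range only below p2
}

# Constructed sample strings in the format `freebsd-version -u` prints.
for v in 12.3-RELEASE-p12 12.4-RELEASE 12.4-RELEASE-p1 \
         12.4-RELEASE-p2 13.1-RELEASE-p6 13.2-BETA1; do
    rc=0; in_affected_range "$v" || rc=$?
    case $rc in
        0) echo "$v: inside affected range" ;;
        1) echo "$v: outside affected range" ;;
        *) echo "$v: undecided, check manually" ;;
    esac
done
```

On a live host, pass the output of `freebsd-version -u` as the argument; the userland version is the relevant one because OpenSSH ships in the base system userland.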

References

CVE Name: CVE-2023-25136
FreeBSD Advisory: SA-23:02.openssh