CVE-2023-25136

MEDIUM Year: 2023
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-415
View all →

Vulnerability Description

OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."

Related Vulnerabilities

CVE-2011-1803

MEDIUM
CVSS:6.5(Medium)

An issue exists in third_party/WebKit/Source/WebCore/svg/animation/SVGSMILElement.h in WebKit in Google Chrome before Blink M11 and M12 when trying to access a removed smil element.

CWE-4152011

CVE-2015-1207

MEDIUM
CVSS:6.5(Medium)

Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted .m4a file.

CWE-4152015

CVE-2015-1239

MEDIUM
CVSS:6.5(Medium)

Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a craft...

CWE-4152015

CVE-2017-12925

MEDIUM
CVSS:6.5(Medium)

Double free vulnerability in DfFromLB in docfile.cxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service via a crafted fpx image.

CWE-4152017

CVE-2017-15186

MEDIUM
CVSS:6.5(Medium)

Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file.

CWE-4152017

CVE-2017-9287

MEDIUM
CVSS:6.5(Medium)

servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged R...

CWE-4152017