The maintainers of OpenSSH have released OpenSSH 9.2 to address a number of security bugs, including a memory safety vulnerability in the OpenSSH server (sshd).
Tracked as CVE-2023-25136, the shortcoming has been classified as a pre-authentication double free vulnerability that was introduced in version 9.1.
“This is not believed to be exploitable, and it occurs in the unprivileged pre-auth process that is subject to chroot(2) and is further sandboxed on most major platforms,” OpenSSH disclosed in its release notes on February 2, 2023.
Credited with reporting the flaw to OpenSSH in July 2022 is security researcher Mantas Mikulenas.
OpenSSH is the open source implementation of the secure shell (SSH) protocol that offers a suite of services for encrypted communications over an unsecured network in a client-server architecture.
“The exposure occurs in the chunk of memory freed twice, the ‘options.kex_algorithms,'” Qualys researcher Saeed Abbasi said, adding the issue results in a “double free in the unprivileged sshd process.”