CVE-2021-28041

Name
CVE-2021-28041
Description
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Patch https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db
Release Notes https://www.openssh.com/txt/release-8.5
Mailing List https://www.openwall.com/lists/oss-security/2021/03/03/1
Not Applicable https://www.openssh.com/security.html
Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXST2CML2MWY3PNVUXX7FFJE3ATJMNVZ/
Third Party Advisory https://security.netapp.com/advisory/ntap-20210416-0002/
Third Party Advisory https://security.gentoo.org/glsa/202105-35
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQWGII3LQR4AOTPPFXGMTYE7UDEWIUKI/
N/A https://www.oracle.com//security-alerts/cpujul2021.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:* openssh >= None < 8.5
cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:* openssh >= 8.2 < 8.5

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
openssh 3.10-main 8.1_p1-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
openssh 3.13-main 8.4_p1-r4 Natanael Copa <ncopa@alpinelinux.org> fixed
openssh 3.12-main 8.3_p1-r3 Natanael Copa <ncopa@alpinelinux.org> fixed
openssh 3.11-main 8.1_p1-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable