Description
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
References (9)
Core 9
Core References
Not Applicable, Vendor Advisory x_refsource_misc
https://www.openssh.com/security.html
Mailing List, Patch, Third Party Advisory x_refsource_misc
https://www.openwall.com/lists/oss-security/2021/03/03/1
Patch, Third Party Advisory x_refsource_misc
https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db
Release Notes, Vendor Advisory x_refsource_misc
https://www.openssh.com/txt/release-8.5
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXST2CML2MWY3PNVUXX7FFJE3ATJMNVZ/
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/202105-35
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQWGII3LQR4AOTPPFXGMTYE7UDEWIUKI/
Third Party Advisory x_refsource_misc
https://www.oracle.com//security-alerts/cpujul2021.html
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20210416-0002/
Scores
CVSS v3
7.1
EPSS
0.0024
EPSS Percentile
47.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-415
Status
published
Products (10)
fedoraproject/fedora
33
fedoraproject/fedora
34
netapp/cloud_backup
netapp/hci_compute_node_firmware
netapp/hci_management_node
netapp/hci_storage_node_firmware
netapp/solidfire
openbsd/openssh
8.2 - 8.5
oracle/communications_offline_mediation_controller
12.0.0.3.0
oracle/zfs_storage_appliance
8.8
Published
Mar 05, 2021
Tracked Since
Feb 18, 2026