CVE-2021-28041

HIGH7.1EPSS 0.26%

發布日:2021/3/5修改日:2025/12/3

也稱為:ALPINE-CVE-2021-28041

描述

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.

受影響套件(2)

Alpine/opensshfrom 0, < 8.3_p1-r2
Debian/opensshfrom 0, < 1:8.4p1-5

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.1	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

參考連結(2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2021-28041
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2021-28041