Lucene search

[email protected]NVD:CVE-2021-28041

HistoryMar 05, 2021 - 9:15 p.m.

CVE-2021-28041

2021-03-0521:15:13

CWE-415

[email protected]

web.nvd.nist.gov

cve-2021-28041

ssh-agent

openssh

double free

legacy operating system

attacker-controlled host

CVSS2

4.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:P/I:P/A:P

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

55.8%

JSON

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.

Affected configurations

Nvd

Node

openbsdopensshRange8.2–8.5

Node

fedoraprojectfedoraMatch33

fedoraprojectfedoraMatch34

Node

netappcloud_backupMatch-

netapphci_management_nodeMatch-

netappsolidfireMatch-

Node

netapphci_compute_node_firmwareMatch-

AND

netapphci_compute_nodeMatch-

Node

netapphci_storage_node_firmwareMatch-

AND

netapphci_storage_nodeMatch-

Node

oraclecommunications_offline_mediation_controllerMatch12.0.0.3.0

oraclezfs_storage_applianceMatch8.8

VendorProductVersionCPE
openbsdopenssh*cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
fedoraprojectfedora33cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
fedoraprojectfedora34cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
netappcloud_backup-cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
netapphci_management_node-cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
netappsolidfire-cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
netapphci_compute_node_firmware-cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*
netapphci_compute_node-cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
netapphci_storage_node_firmware-cpe:2.3:o:netapp:hci_storage_node_firmware:-:*:*:*:*:*:*:*
netapphci_storage_node-cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openbsd	openssh	*	cpe:2.3:a:openbsd:openssh::::::::
fedoraproject	fedora	33	cpe:2.3:o:fedoraproject:fedora:33:::::::*
fedoraproject	fedora	34	cpe:2.3:o:fedoraproject:fedora:34:::::::*
netapp	cloud_backup	-	cpe:2.3:a:netapp:cloud_backup:-:::::::*
netapp	hci_management_node	-	cpe:2.3:a:netapp:hci_management_node:-:::::::*
netapp	solidfire	-	cpe:2.3:a:netapp:solidfire:-:::::::*
netapp	hci_compute_node_firmware	-	cpe:2.3:o:netapp:hci_compute_node_firmware:-:::::::*
netapp	hci_compute_node	-	cpe:2.3:h:netapp:hci_compute_node:-:::::::*
netapp	hci_storage_node_firmware	-	cpe:2.3:o:netapp:hci_storage_node_firmware:-:::::::*
netapp	hci_storage_node	-	cpe:2.3:h:netapp:hci_storage_node:-:::::::*