Vulnerability Details : CVE-2021-28041
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
Vulnerability category: Memory Corruption
Products affected by CVE-2021-28041
- cpe:2.3:o:oracle:zfs_storage_appliance:8.8:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:hci_storage_node_firmware:-:*:*:*:*:*:*:*
Threat overview for CVE-2021-28041
Top countries where our scanners detected CVE-2021-28041
Top open port discovered on systems with this issue
22
IPs affected by CVE-2021-28041 15,427,533
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2021-28041!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2021-28041
0.18%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 56 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-28041
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6
|
MEDIUM | AV:N/AC:H/Au:S/C:P/I:P/A:P |
3.9
|
6.4
|
NIST | |
7.1
|
HIGH | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
1.2
|
5.9
|
NIST |
CWE ids for CVE-2021-28041
-
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-28041
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXST2CML2MWY3PNVUXX7FFJE3ATJMNVZ/
Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20210416-0002/
CVE-2021-28041 OpenSSH Vulnerability in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://www.oracle.com//security-alerts/cpujul2021.html
Oracle Critical Patch Update Advisory - July 2021Third Party Advisory
-
https://www.openssh.com/txt/release-8.5
Release Notes;Vendor Advisory
-
https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db
upstream: factor SSH_AGENT_CONSTRAIN_EXTENSION parsing into its own · openssh/openssh-portable@e04fd6d · GitHubPatch;Third Party Advisory
-
https://www.openssh.com/security.html
OpenSSH: SecurityNot Applicable;Vendor Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQWGII3LQR4AOTPPFXGMTYE7UDEWIUKI/
[SECURITY] Fedora 33 Update: openssh-8.4p1-7.fc33 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://security.gentoo.org/glsa/202105-35
OpenSSH: Multiple vulnerabilities (GLSA 202105-35) — Gentoo securityThird Party Advisory
-
https://www.openwall.com/lists/oss-security/2021/03/03/1
oss-security - Announce: OpenSSH 8.5 releasedMailing List;Patch;Third Party Advisory
Jump to