{"id":"CVE-2021-28041","details":"ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.","modified":"2026-04-16T04:39:41.393654514Z","published":"2021-03-05T21:15:13.200Z","related":["SUSE-SU-2021:4153-1","openSUSE-SU-2021:4153-1","openSUSE-SU-2024:13842-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXST2CML2MWY3PNVUXX7FFJE3ATJMNVZ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQWGII3LQR4AOTPPFXGMTYE7UDEWIUKI/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202105-35"},{"type":"ADVISORY","url":"https://www.openssh.com/security.html"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20210416-0002/"},{"type":"ADVISORY","url":"https://www.openssh.com/txt/release-8.5"},{"type":"ADVISORY","url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"type":"FIX","url":"https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db"},{"type":"FIX","url":"https://www.openwall.com/lists/oss-security/2021/03/03/1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openssh/openssh-portable","events":[{"introduced":"8aa3455b16fddea4c0144a7c4a1edb10ec67dcc8"},{"fixed":"d2afd717e62d76bb41ab5f3ab4ce6f885c8edc98"},{"introduced":"0"},{"last_affected":"bf944e3794eff5413f2df1ef37cddf96918c6bde"},{"fixed":"e04fd6dde16de1cdc5a4d9946397ff60d96568db"}],"database_specific":{"versions":[{"introduced":"8.2"},{"fixed":"8.5"},{"introduced":"0"},{"last_affected":"8.8"}]}}],"versions":["V_8_2_P1","V_8_4_P1","V_8_5_P1","V_8_6_P1","V_8_7_P1","V_8_8_P1"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","digest":{"length":1924,"function_hash":"173721609678640022569229149022258778798"},"signature_type":"Function","source":"https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db","id":"CVE-2021-28041-54d2e7a4","deprecated":false,"target":{"file":"ssh-agent.c","function":"parse_key_constraints"}},{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["324971150381275214664383765392462492057","35905711137950555800092955147616975381","280800082751440415410409700843773412685","318550751993613194314048368639682994639","23868655624994298100487727056333202425","244436830645919759774327638059848338439","138698284080572836105280785656899991409","9033034855088479321430157709782700466","22142238223153571879023637285005129557","315858932437975382361183511281580444358","130557074698110042526433579895989775636","7204549947729823870957182181547536953","12905892664167437594451645232613297006","251529289733491831195606371359111162841","177830966528718040299332634458005032145","300704592333704606881024397315264096894","68152159178091995237554110289214196491","42494124541627447269898043180593590915","320556485030812218659014383741631871437","45773691422799354331400538358277572791","335506426304232459784018911527655716968","27372044304831879860737029270393640383","11763002217097802034849258435513820168","179353741159705671161838348933242658738","132689354122742414813436913087274689603","276709306755959814709495100166592554722","201316834310946316723168081310699223421","31057859855805322736544100297993687144","67458982881632147371297786351558915464","210119245347920818543600782909998763594","298580235221410405037933958555305990514","230867662602832817172801273969801275237","257317866508291513551827951352472141289","156807975548369884606722121595578079334","217533324983926179349196893136226159663","228052322752471493904247006065340830411","19343026518483286429571420720135249122","52740631499272546572241872874122645700","293545585449308818808614482901873786474","213973480703754722932643826614376146315","205809471667994677532772237759843236565","185771526080875152586087482394292594138","68582630296210109857337873522774019276","317829200174240480595834472274198551587","25969414358095763520215986723486496854","305057446643197618251565596522664715218","220799416411745608988007735748224964625","3737787432264992221489305885454501991","5987319637948977260788526897195828862","295351319855857503779798914695957240442","182628650296767461325031325004207257089","5567271653036731993773606933928643760","281936189076271707487423718223517656085","252971503687169575314980099775864002377","312662942297556533828555981998666086405","320188348619438627560905104538012183513","46318002341445417061280095446445292710","228488892499046990093112581310345343536","266224181901350862297255464861723612262","139876278825664430322184869733137169697","75254383951828371494544163797067708531","105137070746241836500261971050361345422","27021730741084737657888832983194732839","329775737164426552044250829181369536038","291980543041481269177220703457798473613","335550709427082525744292039239532841257","197956281668168479602287881718216497682","275305622603090741574960876279052419595","142801784165815353799613356095685606474","112652594150436027541652195151470919916","175896571450895747164708549567741093168","39725264024330242304658532467622498290","62229998599115727890169580349558021065","261950695957889776154455739945391283946","38473914387751692624208705528354576224","205494285796625171649268972624455690184","24906064940423552919215091837724729278","37315012930265623375129898211640829232","461858003746993622093163016771701652","154218190964193173632405916855073315430","274369461503223323845070479388222163445","267868390585593816517915983992887850017","320442894666120266923014174087720628845","278189631706181824681136260371129073784"]},"signature_type":"Line","source":"https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db","id":"CVE-2021-28041-cc2d2809","deprecated":false,"target":{"file":"ssh-agent.c"}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-28041.json","vanir_signatures_modified":"2026-04-11T17:12:15Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"33"}]},{"events":[{"introduced":"0"},{"last_affected":"34"}]},{"events":[{"introduced":"0"},{"last_affected":"12.0.0.3.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"}]}