From a8e227ca0a89aabb1d03178e7dc3f9af99f60819 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 14 Feb 2023 01:00:36 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/25xxx/CVE-2023-25136.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/2023/25xxx/CVE-2023-25136.json b/2023/25xxx/CVE-2023-25136.json index d75b47448e7..354a696d69c 100644 --- a/2023/25xxx/CVE-2023-25136.json +++ b/2023/25xxx/CVE-2023-25136.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be triggered by an unauthenticated attacker in the default configuration. One third-party report states \"remote code execution is theoretically possible.\"" + "value": "OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states \"remote code execution is theoretically possible.\"" } ] },
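Review bot: The replacement "value" string states as fact that the double free "can be leveraged ... to jump to any location in the sshd address space", but the diffstat shows 1 insertion and 1 deletion, so no reference entry is added in this commit to back the stronger claim. The previous wording only said the double free "can be triggered". The sentence that follows still hedges with a third-party report that "remote code execution is theoretically possible", so the description now asserts control of execution flow in its own voice while attributing the weaker statement to someone else. Either attribute the new claim to its source in the text, or add the supporting reference in the same change so that consumers of the record can judge exploitability. The phrasing "leveraged, by an unauthenticated remote attacker in the default configuration, to jump" would also read more clearly with the actor moved to the front of the sentence. Finally, the subject line "-Synchronized-Data." gives no hint that the impact statement of CVE-2023-25136 was strengthened; a subject naming the CVE and the nature of the edit would make the history auditable.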