The host is installed with OpenSSH before 8.5 and is prone to a double-free memory corruption vulnerability. A flaw is present in application, which fails to handle issues in ssh-agent. Successful exploitation could leads to unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.