“This is not believed to be exploitable, and it occurs in the unprivileged pre-auth process that is subject to chroot(2) and is further sandboxed on most major platforms,” OpenSSH disclosed in its release notes on February 2, 2023.