Vulnerability CVE-2021-28041references a double-free memory corruption may lead to arbitrary code execution in openssh

https://nvd.nist.gov/vuln/detail/CVE-2021-28041

Since CA PAM uses openssh, is the product vulnerable to this exploit ?

CA PAM release 4.0.1,4.1.0 and below

Vulnerability was introduced openssh 8.2 which comes with none of the releases available as of the writing of this document, so CA PAM is not vulnerable.