Vulnerability CVE-2021-28041references a double-free memory corruption may lead to arbitrary code execution in openssh
https://nvd.nist.gov/vuln/detail/CVE-2021-28041
Since CA PAM uses openssh, is the product vulnerable to this exploit ?
CA PAM release 4.0.1,4.1.0 and below
Vulnerability was introduced openssh 8.2 which comes with none of the releases available as of the writing of this document, so CA PAM is not vulnerable.