A signal handler in sshd(8) calls a function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)'s privileged code, which is not sandboxed and runs with full root privileges.
This issue is a regression of CVE-2006-5051 originally reported by Mark Dowd and accidentally reintroduced in OpenSSH 8.5p1.
