CVE-2019-16905

7.8HIGH

Key Information:

Vendor: OpenBSD
Status: Openssh
Vendor: CVE Published:; 9 October 2019

Summary

OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm. NOTE: the XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH.

References

https://www.openssh.com/releasenotes.html

https://www.openwall.com/lists/oss-security/2019/10/09/1

https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 9, 2019
Vulnerability Reserved
Sep 26, 2019