Integer Overflow Vulnerability in OpenSSH Affects Key Parsing
CVE-2019-16905

7.8HIGH

Key Information:

Vendor: OpenBSD
Status: Openssh
Vendor: CVE Published:; 9 October 2019

Summary

OpenSSH versions 7.7 through 7.9 and 8.x prior to version 8.1 may be prone to an integer overflow vulnerability when compiled with an experimental XMSS key type. This issue occurs during the pre-authentication phase and arises from an error in the XMSS key parsing algorithm, potentially leading to memory corruption and enabling local code execution. The XMSS implementation remains experimental across all released OpenSSH versions, and there is no officially supported method to activate it in portable builds.

References

https://www.openssh.com/releasenotes.html

https://www.openwall.com/lists/oss-security/2019/10/09/1

https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 9, 2019
Vulnerability Reserved
Sep 26, 2019