CVE-2019-16905
published 2019-10-09

Priority P343, high, 7.8 (CVSS 3.1)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.17% (80.0th percentile)

OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm. NOTE: the XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH.

Affected

13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssh | < openssh 1:8.1p1-1 (bookworm) | openssh 1:8.1p1-1 (bookworm) |
| msrc | cbl_mariner_1.0_arm | | |
| msrc | cbl_mariner_1.0_x64 | | |
| msrc | cm1_openssh_8.0p1-9_on_cbl_mariner_1.0 | | |
| openbsd | openssh | >= 0 < 1:8.1p1-1 | 1:8.1p1-1 |
| openbsd | openssh | >= 0 < 1:8.1p1-1 | 1:8.1p1-1 |
| openbsd | openssh | >= 0 < 1:8.1p1-1 | 1:8.1p1-1 |
| openbsd | openssh | >= 0 < 1:8.1p1-1 | 1:8.1p1-1 |
| openbsd | openssh | 7.7 – 7.9 | |
| openbsd | openssh | >= 8.0 < 8.1 | 8.1 |
| paloalto | pan-os | | |
| siemens | scalance_x204rna_ecc_firmware | < 3.2.7 | 3.2.7 |
| siemens | scalance_x204rna_firmware | < 3.2.7 | 3.2.7 |

CVSS provenance

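| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 4.4 | MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P |
| osv | | 7.8 | HIGH | |
| vendor_debian | | 7.8 | LOW | |
| vendor_msrc | | 7.8 | HIGH | |
| vendor_redhat | | 7.8 | HIGH | |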