CVE-2019-16905
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm. NOTE: the XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH.
OpenSSH 7.7 a 7.9 y 8.x anterior de la versión 8.1, cuando se compila con un tipo de clave experimental, tiene un desbordamiento de entero de identificación previa si un cliente o servidor está configurado para usar una clave XMSS especialmente diseñada. Esto conduce a la corrupción de la memoria y la ejecución del código local debido a un error en el algoritmo de análisis de claves XMSS. NOTA: la implementación de XMSS se considera experimental en todas las versiones de OpenSSH lanzadas, y no hay una forma compatible para habilitarla al crear OpenSSH portátil.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-09-26 CVE Reserved
- 2019-10-09 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1153537 | Issue Tracking | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf | Third Party Advisory |
|
| https://security.netapp.com/advisory/ntap-20191024-0003 | Third Party Advisory |
|
| https://www.openssh.com/releasenotes.html | Release Notes | |
| https://www.openwall.com/lists/oss-security/2019/10/09/1 | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://0day.life/exploits/0day-1009.html | 2024-08-05 | |
| https://ssd-disclosure.com/archives/4033/ssd-advisory-openssh-pre-auth-xmss-integer-overflow | 2024-08-05 |
| URL | Date | SRC |
|---|---|---|
| https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshkey-xmss.c.diff?r1=1.5&r2=1.6&f=h | 2023-03-01 |
| URL | Date | SRC |
|---|---|---|
| https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshkey-xmss.c | 2023-03-01 | |
| https://security.gentoo.org/glsa/201911-01 | 2023-03-01 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Siemens Search vendor "Siemens" | Scalance X204rna Firmware Search vendor "Siemens" for product "Scalance X204rna Firmware" | < 3.2.7 Search vendor "Siemens" for product "Scalance X204rna Firmware" and version " < 3.2.7" | - |
Affected
| in | Siemens Search vendor "Siemens" | Scalance X204rna Search vendor "Siemens" for product "Scalance X204rna" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Scalance X204rna Ecc Firmware Search vendor "Siemens" for product "Scalance X204rna Ecc Firmware" | < 3.2.7 Search vendor "Siemens" for product "Scalance X204rna Ecc Firmware" and version " < 3.2.7" | - |
Affected
| in | Siemens Search vendor "Siemens" | Scalance X204rna Ecc Search vendor "Siemens" for product "Scalance X204rna Ecc" | - | - |
Safe
|
| Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | >= 7.7 <= 7.9 Search vendor "Openbsd" for product "Openssh" and version " >= 7.7 <= 7.9" | - |
Affected
| ||||||
| Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | >= 8.0 < 8.1 Search vendor "Openbsd" for product "Openssh" and version " >= 8.0 < 8.1" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Cloud Backup Search vendor "Netapp" for product "Cloud Backup" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Steelstore Cloud Integrated Storage Search vendor "Netapp" for product "Steelstore Cloud Integrated Storage" | - | - |
Affected
| ||||||