SSD Advisory – OpenSSH Pre-Auth XMSS Integer Overflow

Vulnerability Summary
The following advisory describes a Pre-Auth Integer Overflow in the XMSS Key Parsing Algorithm in OpenSSH.

CVE
CVE-2019-16905

Credit
An independent Security Researcher, Adam “pi3” Zabrocki, has reported this vulnerability to the SSD Secure Disclosure program.

Affected Systems
OpenSSH version 7.7 up to the latest one (8.0) supporting XMSS keys (compiled with a defined WITH_XMSS macro).
Nevertheless, the bug is only there …
