
SSD Secure Disclosure

Disclosing vulnerabilities responsibly since 2007

SSD Advisory – OpenSSH Pre-Auth XMSS Integer Overflow

Vulnerability Summary

The following advisory describes a Pre-Auth Integer Overflow in the XMSS Key Parsing Algorithm in OpenSSH.

CVE

CVE-2019-16905

Credit

An independent security researcher, Adam “pi3” Zabrocki, has reported this vulnerability to the SSD Secure Disclosure program.

Affected Systems

OpenSSH version 7.7 up to the latest one (8.0) supporting XMSS keys (compiled with a defined […]