09 Oct 2019
CVE-2019-16905 Vulnerability
OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and remote code execution because of an error in the XMSS key parsing algorithm. NOTE: the XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH. (CVSS:0.0) (Last Update:2019-10-09)
Publish Date: 2019-10-09
Last Update Date: 2019-10-09
- CVSS Scores & Vulnerability Types
- Products Affected By CVE-2019-16905
- References For CVE-2019-16905
- Metasploit Modules Related To CVE-2019-16905: There are no Metasploit modules related to this CVE entry (please visit www.metasploit.com for more information).