CVE-2019-16905 — HIGH (7.8)

Q: How severe is CVE-2019-16905?

CVE-2019-16905 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-16905?

Check the references section above for vendor advisories and patch information. Affected products include: Openbsd Openssh, Netapp Cloud Backup, Netapp Steelstore Cloud Integrated Storage, Siemens Scalance X204Rna Firmware, Siemens Scalance X204Rna.

Vulnerability Description

OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm. NOTE: the XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Openbsd	Openssh	>= 7.7, <= 7.9
Netapp	Cloud Backup	-
Netapp	Steelstore Cloud Integrated Storage	-
Siemens	Scalance X204Rna Firmware	< 3.2.7
Siemens	Scalance X204Rna	-
Siemens	Scalance X204Rna Ecc Firmware	< 3.2.7
Siemens	Scalance X204Rna Ecc	-

Related Weaknesses (CWE)

CWE-190

References

https://bugzilla.suse.com/show_bug.cgi?id=1153537Issue TrackingThird Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfThird Party Advisory
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshkey-xmss.cRelease NotesVendor Advisory
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshkey-xmss.c.diff?r1=Patch
https://security.gentoo.org/glsa/201911-01Third Party Advisory
https://security.netapp.com/advisory/ntap-20191024-0003/Third Party Advisory
https://ssd-disclosure.com/archives/4033/ssd-advisory-openssh-pre-auth-xmss-inteExploitThird Party Advisory
https://www.openssh.com/releasenotes.htmlRelease Notes
https://www.openwall.com/lists/oss-security/2019/10/09/1Mailing ListThird Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1153537Issue TrackingThird Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfThird Party Advisory
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshkey-xmss.cRelease NotesVendor Advisory
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshkey-xmss.c.diff?r1=Patch
https://security.gentoo.org/glsa/201911-01Third Party Advisory
https://security.netapp.com/advisory/ntap-20191024-0003/Third Party Advisory

FAQ

What is CVE-2019-16905?

CVE-2019-16905 is a vulnerability with a CVSS score of 7.8 (HIGH). OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This l...

How severe is CVE-2019-16905?

CVE-2019-16905 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-16905?

Check the references section above for vendor advisories and patch information. Affected products include: Openbsd Openssh, Netapp Cloud Backup, Netapp Steelstore Cloud Integrated Storage, Siemens Scalance X204Rna Firmware, Siemens Scalance X204Rna.