Headline
CVE-2019-16905
OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm. NOTE: the XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH.
=================================================================== RCS file: /cvs/src/usr.bin/ssh/sshkey-xmss.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 — src/usr.bin/ssh/sshkey-xmss.c 2019/06/28 13:35:04 1.5 +++ src/usr.bin/ssh/sshkey-xmss.c 2019/10/09 00:02:57 1.6 @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey-xmss.c,v 1.5 2019/06/28 13:35:04 deraadt Exp $ */ +/* $OpenBSD: sshkey-xmss.c,v 1.6 2019/10/09 00:02:57 djm Exp $ */ /* * Copyright © 2017 Markus Friedl. All rights reserved. * @@ -971,7 +971,8 @@ goto out; } /* check that an appropriate amount of auth data is present */ - if (sshbuf_len(encoded) < encrypted_len + authlen) { + if (sshbuf_len(encoded) < authlen || + sshbuf_len(encoded) - authlen < encrypted_len) { r = SSH_ERR_INVALID_FORMAT; goto out; }