pi3 blog

bug bugs bughunt exploit exploiting research vulnerabilities

• Home
• About

“He who fights with monsters should be careful lest he thereby become a monster. And if thou gaze long into an abyss, the abyss will also gaze into thee.”

~Friedrich Nietzsche

• Subscribe

  

• Categories

  • Bughunt (28)
  • Exploiting (36)
  • Ideas (28)
  • LKRG (10)
  • Meeting (6)
  • O wszystkim i o niczym (34)

• Recent Posts

  • RISC-V: Vice Chair of the J-extension Task Group
  • CVE-2023-34367
  • Bug bounties are broken – the story of “i915” bug, ChromeOS + Intel bounty programs, and beyond
  • My talks @ BlackHat 2021 and DefCon29
  • LKRG 0.9.0 has been released!

• Archives

  • November 2023
  • June 2023
  • May 2023
  • July 2021
  • April 2021
  • January 2021
  • December 2020
  • October 2020
  • September 2020
  • June 2020
  • May 2020
  • March 2020
  • October 2019
  • July 2019
  • May 2019
  • April 2019
  • February 2019
  • August 2018
  • July 2018
  • March 2018
  • February 2018
  • January 2018
  • April 2017
  • September 2016
  • July 2015
  • February 2015
  • March 2014
  • August 2013
  • July 2013
  • May 2013
  • April 2013
  • March 2013
  • February 2013
  • October 2012
  • May 2012
  • April 2012
  • December 2011
  • September 2011
  • August 2011
  • July 2011
  • March 2011
  • November 2010
  • October 2010
  • July 2010
  • May 2010
  • March 2010
  • February 2010
  • January 2010
  • December 2009
  • November 2009
  • October 2009
  • September 2009

• Friends

  • Bothunters – Borys Łącki
  • Gynvael Coldwind
  • Icewall
  • j00ru
  • Piotr Bania

• Pages

  • About

Some time ago I’ve found an interesting memory corruption bug (via integer overflow) in the mechanism responsible for parsing XMSS private keys. This bug is addressed in the latest OpenSSH released version (8.1) and more details about the bug can be found here:

CVE-2019-16905 – OpenSSH Pre-Auth XMSS Integer Overflow

Best regards,
Adam

Comments