{"id":678,"date":"2019-10-10T16:06:03","date_gmt":"2019-10-10T14:06:03","guid":{"rendered":"http:\/\/blog.pi3.com.pl\/?p=678"},"modified":"2020-06-02T06:04:19","modified_gmt":"2020-06-02T04:04:19","slug":"cve-2019-16905-openssh-pre-auth-xmss-integer-overflow","status":"publish","type":"post","link":"https:\/\/blog.pi3.com.pl\/?p=678","title":{"rendered":"CVE-2019-16905 &#8211; OpenSSH Pre-Auth XMSS Integer Overflow"},"content":{"rendered":"<p>Some time ago I&#8217;ve found an interesting memory corruption bug (via integer overflow) in the mechanism responsible for parsing XMSS private keys. This bug is addressed in the latest OpenSSH released version (8.1) and more details about the bug can be found here:<\/p>\n<p><b><a href=\"https:\/\/ssd-disclosure.com\/ssd-advisory-openssh-pre-auth-xmss-integer-overflow\/\" target=\"_blank\" rel=\"noopener noreferrer\"><br \/>\nCVE-2019-16905 &#8211; OpenSSH Pre-Auth XMSS Integer Overflow<\/a><\/b><\/p>\n<p>Best regards,<br \/>\nAdam<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Some time ago I&#8217;ve found an interesting memory corruption bug (via integer overflow) in the mechanism responsible for parsing XMSS private keys. This bug is addressed in the latest OpenSSH released version (8.1) and more details about the bug can be found here: CVE-2019-16905 &#8211; OpenSSH Pre-Auth XMSS Integer Overflow Best regards, Adam<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4,5],"tags":[],"class_list":["post-678","post","type-post","status-publish","format-standard","hentry","category-bughunt","category-exploiting"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.pi3.com.pl\/index.php?rest_route=\/wp\/v2\/posts\/678","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.pi3.com.pl\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.pi3.com.pl\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.pi3.com.pl\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.pi3.com.pl\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=678"}],"version-history":[{"count":5,"href":"https:\/\/blog.pi3.com.pl\/index.php?rest_route=\/wp\/v2\/posts\/678\/revisions"}],"predecessor-version":[{"id":711,"href":"https:\/\/blog.pi3.com.pl\/index.php?rest_route=\/wp\/v2\/posts\/678\/revisions\/711"}],"wp:attachment":[{"href":"https:\/\/blog.pi3.com.pl\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=678"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.pi3.com.pl\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=678"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.pi3.com.pl\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=678"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}