CVE-2019-16905

🗓️ 09 Oct 2019 00:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 11 Media mentions👁 4981 Views

OpenSSH pre-auth integer overflow with XMSS key can lead to local code executio

Reporter	Title	Published	Views	Family All 100
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in OpenSSH affects IBM Watson Studio Local	20 Dec 201913:54	–	ibm
GithubExploit	Exploit for Race Condition in Openbsd Openssh	13 Sep 202501:46	–	githubexploit
BDU FSTEC	The vulnerability of the OpenSSH cryptographic protection implementation arises from a possible integer overflow, allowing an attacker to execute arbitrary code.	6 Jul 202100:00	–	bdu_fstec
CBLMariner	CVE-2019-16905 affecting package openssh 8.0p1-13	5 Nov 202004:21	–	cbl_mariner
Circl	CVE-2019-16905	12 Sep 202209:43	–	circl
Cvelist	CVE-2019-16905	9 Oct 201900:00	–	cvelist
Debian CVE	CVE-2019-16905	9 Oct 201900:00	–	debiancve
Tenable Nessus	EulerOS 2.0 SP8 : openssh (EulerOS-SA-2019-2294)	27 Nov 201900:00	–	nessus
Tenable Nessus	EulerOS Virtualization for ARM 64 3.0.5.0 : openssh (EulerOS-SA-2020-1046)	13 Jan 202000:00	–	nessus
Tenable Nessus	GLSA-201911-01 : OpenSSH: Integer overflow	8 Nov 201900:00	–	nessus

NVD

Node

openbsd opensshRange7.7–7.9

openbsd opensshRange8.0–8.1

Node

Node

AND

Node

AND

Source	Link
bugzilla	www.bugzilla.suse.com/show_bug.cgi
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
openssh	www.openssh.com/releasenotes.html
ssd-disclosure	www.ssd-disclosure.com/archives/4033/ssd-advisory-openssh-pre-auth-xmss-integer-overflow
openwall	www.openwall.com/lists/oss-security/2019/10/09/1
cvsweb	www.cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshkey-xmss.c.diff
security	www.security.netapp.com/advisory/ntap-20191024-0003/
cvsweb	www.cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshkey-xmss.c
security	www.security.gentoo.org/glsa/201911-01

17 Jun 2026 02:22Current

7.9High risk

Vulners AI Score7.9

CVSS 24.4

CVSS 3.17.8

EPSS0.0217