VDB
CVE-2019-16905
CVE-2019-16905
PUBLISHED
Es besteht eine Schwachstelle in OpenSSH, wenn es mit der XMSS-Implementierung kompiliert wurde (die als EXPERIMENTELL gilt). Ein anonymer Angreifer kann mit einem speziell entwickelten XMSS-Schlüssel eine Speicherbeschädigung auslösen, um beliebigen Code als "root"-Benutzer auszuführen.
EPSS 0.27% · 50.8th percentile
Risk Scores
EPSS Score
0.27%
50.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gentoo | Gentoo Linux | |
| SolarWinds | SolarWinds Security Event Manager <2024.2 | |
| SolarWinds | SolarWinds Security Event Manager <2023.4 | |
| SolarWinds | SolarWinds Security Event Manager <2023.2 |
Exploit Intelligence
- https://ssd-disclosure.com/archives/4033/ssd-advisory-openssh-pre-auth-xmss-integer-overflow (nist-nvd)
- Kouf320/attacker-lab-cve-2017-5638-cve-2021-41773-paper (github-poc)
- Kouf320/attacker-lab-cve-2017-5638-cve-2021-41773-paper (github-poc)
- Kouf320/attacker-lab-cve-2017-5638-cve-2021-41773-paper (github-poc)
- Kouf320/attacker-lab-cve-2017-5638-cve-2021-41773-paper (github-poc)
- Kouf320/attacker-lab-cve-2017-5638-cve-2021-41773-paper (github-poc)
- Kouf320/attacker-lab-cve-2017-5638-cve-2021-41773-paper (github-poc)
- Using Struts2 and PowerShell to recreate CVE-2017-5638 OGNL Injection vulnerability. (github-poc)
- Using Struts2 and PowerShell to recreate CVE-2017-5638 OGNL Injection vulnerability. (github-poc)
- Using Struts2 and PowerShell to recreate CVE-2017-5638 OGNL Injection vulnerability. (github-poc)
…and 549 more exploits
Timeline
- Oct 9, 2019 CVE Published
- Oct 2, 2020 PoC Published
- Nov 6, 2020 PoC Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Sep 6, 2021 PoC Published
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2023-0998.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0998 advisory
- https://www.openssh.com/txt/release-8.1 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2019-16905 advisory
- https://security.gentoo.org/glsa/201911-01 advisory
- https://documentation.solarwinds.com/en/Success_Center/SEM/content/release_notes/sem_2023-2_release_notes.htm advisory
- https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2023-4_release_notes.htm advisory
- https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2024-2_release_notes.htm advisory