How should we interpret CVSS severity scores?

CVSS estimates technical severity, but it does not automatically equal business risk. Prioritize using context like internet exposure, asset criticality, known exploitation, and whether compensating controls exist. A Medium CVSS on an exposed production system can be more urgent than a Critical on an isolated non-production host.

Vulnerability Database

Q: What is a Vulnerability (CVE) and why does it matter?

A security vulnerability is a weakness in software, hardware, or configuration that can be exploited to compromise confidentiality, integrity, or availability. Many vulnerabilities are tracked as CVEs (Common Vulnerabilities and Exposures), which provide a standardized identifier so teams can coordinate patching, mitigation, and risk assessment across tools and vendors.

Q: What's the difference between a vulnerability, an exploit, and a zero-day?

A vulnerability is the underlying weakness. An exploit is the method or code used to take advantage of it. A zero-day is a vulnerability that is unknown to the vendor or has no publicly available fix when attackers begin using it. Risk increases sharply when exploitation becomes reliable or widespread.

Q: Why do vulnerabilities keep reappearing in our environment?

Recurring findings usually come from incomplete asset discovery, inconsistent patch management, inherited images, and configuration drift. In modern environments, you also need to watch the software supply chain: dependencies, containers, build pipelines, and third-party services can reintroduce the same weakness even after you patch a single host.

Q: How do we prioritize remediation without burning out the team?

Use a repeatable triage model: focus first on externally exposed assets, high-value systems (identity, VPN, email, production), vulnerabilities with known exploits, and issues that enable remote code execution or privilege escalation. Then enforce patch SLAs and track progress so remediation is steady, not reactive.

Q: How can SynScan help reduce vulnerability risk over time?

SynScan combines attack surface monitoring and continuous security auditing to keep your inventory current, flag high-impact vulnerabilities early, and help you turn raw findings into a practical remediation plan.

352,427

Total vulnerabilities in the database

ConnectBot SSH Client Library: Excessive allocation and integer overflow in DER private-key parsing — org.connectbot.sshlib / sshlib

Integer Overflow or Wraparound

Summary

The DER parser used for application-supplied private keys did not safely validate encoded length values before converting them to Int values or allocating arrays.

A malformed private-key file could encode a length that overflowed or wrapped around, or request an allocation much larger than the available input. This could cause parsing errors or an uncaught OutOfMemoryError, potentially terminating the application process.

Details

The issue was in DerReader.readLength() and primitive readers such as readInteger().

readLength() previously accepted up to 127 length octets and accumulated them into an Int:

length = (length shl 8) or nextByte

This permitted integer overflow. For example:

0x1_0000_0001 wrapped to 1.
0x8000_0000 wrapped to Int.MIN_VALUE.

Primitive readers then allocated memory based on the resulting value without first checking it against the remaining input:

val bytes = ByteArray(length)
data.get(bytes)

A six-byte DER value declaring a 1 GiB INTEGER caused an immediate OutOfMemoryError when tested with a constrained JVM heap. Because OutOfMemoryError is not an Exception, it is not caught by the public-key authentication error handling and may terminate the application process.

A zero-length DER INTEGER is also invalid, but it does not produce BigInteger.ZERO: Java throws NumberFormatException when constructing a BigInteger from an empty byte array. No weakened or usable cryptographic key has been demonstrated through this issue.

Attack Requirements

The affected DER parser processes private-key material explicitly supplied by the application through APIs such as:

SshClient.authenticatePublicKey()
SshKeys.decodePemPrivateKey()
SshSigning.sign()
SshSigning.getPublicKey()

The DER input is not populated from SSH server host keys or agent-forwarding requests. Exploitation therefore requires a user or application to load an attacker-provided private-key file. The issue is not remotely exploitable by an SSH server.

Impact

Successful exploitation can cause:

Incorrect DER length interpretation due to integer wraparound
Excessive memory allocation
An uncaught OutOfMemoryError
Loss of availability of the affected application process

There is no demonstrated confidentiality or integrity impact.

Remediation

The DER parser now:

Rejects indefinite lengths
Explicitly limits long-form lengths to Int.SIZE_BYTES (four octets) and rejects values above Int.MAX_VALUE
Accumulates long-form lengths in a Long before converting to Int
Rejects truncated and non-minimal length encodings
Checks declared lengths against the remaining input before allocation or advancing the input position
Rejects zero-length DER INTEGER, BIT STRING, and OBJECT IDENTIFIER values where an empty encoding is invalid
Rejects non-canonical DER INTEGER encodings with redundant sign octets

The bounds checks are implemented in shared DER reader helpers and apply to INTEGER, OCTET STRING, BIT STRING, OBJECT IDENTIFIER, SEQUENCE, context-specific values, and skipped values. PKCS#1 RSA and SEC1 EC private keys pass application-supplied DER directly through these helpers. PKCS#8 input is parsed by the JCA provider, and OpenSSH private keys use a separate wire-format parser rather than DerReader.

Published: Jun 12, 2026
Updated: Jun 13, 2026
GHSA: GHSA-vc8p-8pxg-rfwg
Severity: Medium
Exploit:
CISA KEV:

No technical information available.

CWEs:

Affected Software
References

Software	From	Fixed in
org.connectbot.sshlib / sshlib	-	0.3.0.x

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo

Frequently Asked Questions

What is a Vulnerability (CVE) and why does it matter?

A security vulnerability is a weakness in software, hardware, or configuration that can be exploited to compromise confidentiality, integrity, or availability. Many vulnerabilities are tracked as CVEs (Common Vulnerabilities and Exposures), which provide a standardized identifier so teams can coordinate patching, mitigation, and risk assessment across tools and vendors.

CVSS (Common Vulnerability Scoring System) estimates technical severity, but it doesn't automatically equal business risk. Prioritize using context like internet exposure, affected asset criticality, known exploitation (proof-of-concept or in-the-wild), and whether compensating controls exist. A "Medium" CVSS on an exposed, production system can be more urgent than a "Critical" on an isolated, non-production host.

A vulnerability is the underlying weakness. An exploit is the method or code used to take advantage of it. A zero-day is a vulnerability that is unknown to the vendor or has no publicly available fix when attackers begin using it. In practice, risk increases sharply when exploitation becomes reliable or widespread.

Recurring findings usually come from incomplete Asset Discovery, inconsistent patch management, inherited images, and configuration drift. In modern environments, you also need to watch the software supply chain: dependencies, containers, build pipelines, and third-party services can reintroduce the same weakness even after you patch a single host. Unknown or unmanaged assets (often called Shadow IT) are a common reason the same issues resurface.

Use a simple, repeatable triage model: focus first on externally exposed assets, high-value systems (identity, VPN, email, production), vulnerabilities with known exploits, and issues that enable remote code execution or privilege escalation. Then enforce patch SLAs and track progress using consistent metrics so remediation is steady, not reactive.

SynScan combines attack surface monitoring and continuous security auditing to keep your inventory current, flag high-impact vulnerabilities early, and help you turn raw findings into a practical remediation plan.