GHSA-vc8p-8pxg-rfwg: Denial of Service via Integer Overflow and Memory Exhaustion in ConnectBot SSH Client Library
Vulnerability ID: GHSA-VC8P-8PXG-RFWG
CVSS Score: 6.8
Published: 2026-06-12
An integer overflow and excessive memory allocation vulnerability in the Distinguished Encoding Rules (DER) private-key parser of ConnectBot SSH Client Library (connectbot/cbssh) allows a local attacker to cause a Denial of Service (DoS) via process termination. By inducing an application utilizing the library to parse a malformed DER-encoded private key file, the library attempts massive memory allocations, triggering an uncaught OutOfMemoryError on the JVM.
TL;DR
The ConnectBot SSH library contains an integer overflow in its DER parser, allowing malformed private keys to trigger an OutOfMemoryError and crash the application.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-190, CWE-770, CWE-400
- Attack Vector: Local (AV:L)
- CVSS v4.0 Score: 6.8
- Impact: Denial of Service (DoS)
- Exploit Status: Proof-of-Concept
- CISA KEV Status: Not Listed
Affected Systems
- ConnectBot SSH Client Library (connectbot/cbssh) versions <= 0.3.0
- sshlib: <= 0.3.0 (Fixed in: 0.3.1)
Mitigation Strategies
- Enforce strict file size limits (e.g., < 16 KB) on all uploaded or imported private keys before passing them to the parser.
- Configure the JVM to automatically restart on OutOfMemoryError to recover availability.
- Upgrade the cbssh library to version 0.3.1 or higher.
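An added example (not code from cbssh or from this advisory) of the first mitigation: a pre-parse guard that caps the key file at 16 KB and, going beyond the size limit, rejects DER whose declared lengths exceed the bytes actually present. `KeyFileGuard` and its method names are hypothetical; it assumes Java 11+ and that any PEM input has been base64-decoded before `checkDer` runs.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;

// Hypothetical pre-parse guard; not part of cbssh/sshlib.
public final class KeyFileGuard {
    static final int MAX_KEY_BYTES = 16 * 1024; // the 16 KB limit suggested above

    // Read at most MAX_KEY_BYTES + 1 bytes so an oversized file is rejected
    // without ever being loaded fully into memory.
    static byte[] readBounded(Path p) throws IOException {
        try (InputStream in = Files.newInputStream(p)) {
            byte[] buf = in.readNBytes(MAX_KEY_BYTES + 1);
            if (buf.length > MAX_KEY_BYTES) throw new IOException("key file exceeds 16 KB");
            return buf;
        }
    }

    // Walk DER TLVs in [off, end) and reject any declared length that does not
    // fit in the bytes present. Lengths are accumulated in a long, so a 4-byte
    // length field cannot wrap to a negative or small int.
    static void checkDer(byte[] der, int off, int end, int depth) throws IOException {
        if (depth > 16) throw new IOException("DER nesting too deep");
        while (off < end) {
            if (end - off < 2) throw new IOException("truncated DER header");
            int tag = der[off++] & 0xFF;
            if ((tag & 0x1F) == 0x1F) throw new IOException("multi-byte tag not expected in a key");
            long len = der[off++] & 0xFF;
            if (len == 0x80) throw new IOException("indefinite length is not DER");
            if (len > 0x80) {
                int n = (int) len - 0x80; // number of length bytes that follow
                if (n > 4 || n > end - off) throw new IOException("bad DER length field");
                len = 0;
                for (int i = 0; i < n; i++) len = (len << 8) | (der[off++] & 0xFF);
            }
            if (len > end - off) throw new IOException("DER length exceeds available data");
            if ((tag & 0x20) != 0) checkDer(der, off, off + (int) len, depth + 1); // constructed
            off += (int) len;
        }
    }

    public static void main(String[] args) {
        // Constructed sample for the guard (not the advisory's PoC):
        // a SEQUENCE header declaring 0xFFFFFFFF content bytes with 1 byte present.
        byte[] bad = {0x30, (byte) 0x84, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 0x00};
        try { checkDer(bad, 0, bad.length, 0); System.out.println("accepted"); }
        catch (IOException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Call `readBounded` first, then `checkDer(bytes, 0, bytes.length, 0)` on the decoded DER, and only pass the key to the library's parser if neither throws.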
Remediation Steps:
- Identify all occurrences of the vulnerable dependency org.connectbot.sshlib:sshlib in your build configuration files (e.g., pom.xml or build.gradle).
- Update the dependency version to 0.3.1 or later.
- Recompile and deploy the application to production environments.