Описание
Integer signedness error in the ssh2_rdpkt function in PuTTY before 0.56 allows remote attackers to execute arbitrary code via a SSH2_MSG_DEBUG packet with a modified stringlen parameter, which leads to a buffer overflow.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:*
cpe:2.3:a:putty:putty:0.49:*:*:*:*:*:*:*
cpe:2.3:a:putty:putty:0.50:*:*:*:*:*:*:*
cpe:2.3:a:putty:putty:0.51:*:*:*:*:*:*:*
cpe:2.3:a:putty:putty:0.52:*:*:*:*:*:*:*
cpe:2.3:a:putty:putty:0.53:*:*:*:*:*:*:*
cpe:2.3:a:putty:putty:0.53b:*:*:*:*:*:*:*
cpe:2.3:a:putty:putty:0.54:*:*:*:*:*:*:*
cpe:2.3:a:putty:putty:0.55:*:*:*:*:*:*:*
cpe:2.3:a:tortoisecvs:tortoisecvs:1.8:*:*:*:*:*:*:*
EPSS
Процентиль: 95%
0.21634
Средний
10 Critical
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
debian
почти 21 год назад
Integer signedness error in the ssh2_rdpkt function in PuTTY before 0. ...
github
больше 3 лет назад
Integer signedness error in the ssh2_rdpkt function in PuTTY before 0.56 allows remote attackers to execute arbitrary code via a SSH2_MSG_DEBUG packet with a modified stringlen parameter, which leads to a buffer overflow.
EPSS
Процентиль: 95%
0.21634
Средний
10 Critical
CVSS2
Дефекты
NVD-CWE-Other