Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2013-4852

Опубликовано: 19 авг. 2013
Источник: nvd
CVSS2: 6.8
EPSS Низкий

Описание

Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*
Версия до 5.1.5 (включая)
cpe:2.3:a:winscp:winscp:3.7.6:*:*:*:*:*:*:*
cpe:2.3:a:winscp:winscp:3.8.2:*:*:*:*:*:*:*
cpe:2.3:a:winscp:winscp:3.8_beta:*:*:*:*:*:*:*
cpe:2.3:a:winscp:winscp:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:winscp:winscp:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:winscp:winscp:4.2.6:*:*:*:*:*:*:*
cpe:2.3:a:winscp:winscp:4.2.7:*:*:*:*:*:*:*
cpe:2.3:a:winscp:winscp:4.2.8:*:*:*:*:*:*:*
cpe:2.3:a:winscp:winscp:4.2.9:*:*:*:*:*:*:*
cpe:2.3:a:winscp:winscp:4.3.2:*:*:*:*:*:*:*
cpe:2.3:a:winscp:winscp:4.3.4:*:*:*:*:*:*:*
cpe:2.3:a:winscp:winscp:4.3.5:*:*:*:*:*:*:*
cpe:2.3:a:winscp:winscp:4.3.6:*:*:*:*:*:*:*
cpe:2.3:a:winscp:winscp:4.3.7:*:*:*:*:*:*:*
cpe:2.3:a:winscp:winscp:4.3.8:*:*:*:*:*:*:*
cpe:2.3:a:winscp:winscp:4.3.9:*:*:*:*:*:*:*
cpe:2.3:a:winscp:winscp:4.4.0:*:*:*:*:*:*:*
cpe:2.3:a:winscp:winscp:5.0:beta:*:*:*:*:*:*
cpe:2.3:a:winscp:winscp:5.0.1:beta:*:*:*:*:*:*
cpe:2.3:a:winscp:winscp:5.0.2:beta:*:*:*:*:*:*
cpe:2.3:a:winscp:winscp:5.0.3:beta:*:*:*:*:*:*
cpe:2.3:a:winscp:winscp:5.0.4:beta:*:*:*:*:*:*
cpe:2.3:a:winscp:winscp:5.0.5:beta:*:*:*:*:*:*
cpe:2.3:a:winscp:winscp:5.0.6:beta:*:*:*:*:*:*
cpe:2.3:a:winscp:winscp:5.0.7:beta:*:*:*:*:*:*
cpe:2.3:a:winscp:winscp:5.0.8:rc:*:*:*:*:*:*
cpe:2.3:a:winscp:winscp:5.0.9:rc:*:*:*:*:*:*
cpe:2.3:a:winscp:winscp:5.1:*:*:*:*:*:*:*
cpe:2.3:a:winscp:winscp:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:winscp:winscp:5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:winscp:winscp:5.1.3:*:*:*:*:*:*:*
cpe:2.3:a:winscp:winscp:5.1.4:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:putty:putty:0.45:*:*:*:*:*:*:*
cpe:2.3:a:putty:putty:0.46:*:*:*:*:*:*:*
cpe:2.3:a:putty:putty:0.47:*:*:*:*:*:*:*
cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:*
cpe:2.3:a:putty:putty:0.49:*:*:*:*:*:*:*
cpe:2.3:a:putty:putty:0.50:*:*:*:*:*:*:*
cpe:2.3:a:putty:putty:0.51:*:*:*:*:*:*:*
cpe:2.3:a:putty:putty:0.52:*:*:*:*:*:*:*
cpe:2.3:a:putty:putty:0.53b:*:*:*:*:*:*:*
cpe:2.3:a:putty:putty:0.54:*:*:*:*:*:*:*
cpe:2.3:a:putty:putty:0.55:*:*:*:*:*:*:*
cpe:2.3:a:putty:putty:0.56:*:*:*:*:*:*:*
cpe:2.3:a:putty:putty:0.57:*:*:*:*:*:*:*
cpe:2.3:a:putty:putty:0.58:*:*:*:*:*:*:*
cpe:2.3:a:putty:putty:0.59:*:*:*:*:*:*:*
cpe:2.3:a:putty:putty:0.60:*:*:*:*:*:*:*
cpe:2.3:a:putty:putty:0.61:*:*:*:*:*:*:*
cpe:2.3:a:putty:putty:2010-06-01:r8967:*:*:development_snapshot:*:*:*
cpe:2.3:a:simon_tatham:putty:*:*:*:*:*:*:*:*
Версия до 0.62 (включая)
cpe:2.3:a:simon_tatham:putty:0.53:*:*:*:*:*:*:*

EPSS

Процентиль: 82%
0.01751
Низкий

6.8 Medium

CVSS2

Дефекты

CWE-189

Связанные уязвимости

ubuntu логотип

CVE-2013-4852

ubuntu
больше 12 лет назад

Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.

debian логотип

CVE-2013-4852

debian
больше 12 лет назад

Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and o ...

github логотип

GHSA-x52x-v8xm-9r9j

github
больше 3 лет назад

Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.

EPSS

Процентиль: 82%
0.01751
Низкий

6.8 Medium

CVSS2

Дефекты

CWE-189