CVE-2013-4852

Name of the Vulnerable Software and Affected Versions PuTTY versions 0.62 and earlier WinSCP versions prior to 5.1.6

Description The issue is related to an integer overflow that can occur when a remote SSH server sends a negative size value in an RSA key signature during the SSH handshake. This can trigger a heap-based buffer overflow, potentially allowing the execution of arbitrary code in certain applications that use PuTTY, and can cause a denial of service (crash).

Recommendations For PuTTY versions 0.62 and earlier, update to a version later than 0.62 to resolve the issue. For WinSCP versions prior to 5.1.6, update to version 5.1.6 or later to resolve the issue.