PT-2016-5210 · Simon Tatham+2 · Putty+2

Tintinweb · Published 2016-03-05 · Updated 2016-12-03 · CVE-2016-2563

CVSS v3.1

9.8

Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

PuTTY versions prior to 0.67
KiTTY versions prior to 0.66.6.3

Description

A stack-based buffer overflow issue exists in the SCP command-line utility, allowing remote servers to cause a denial of service or execute arbitrary code via a crafted SCP-SINK file-size response to an SCP download request.

Recommendations

For PuTTY versions prior to 0.67, update to version 0.67 or later to resolve the issue.
For KiTTY versions prior to 0.66.6.3, update to version 0.66.6.3 or later to resolve the issue.

Exploit

Fix

DoS

Buffer Overflow

Weakness Enumeration

Related identifiers

ALT-PU-2016-1194
CVE-2016-2563
MGASA-2016-0112
MGASA-2016-0118

Affected products

Alt Linux
Kitty
Putty