PT-2005-1526 · Simon Tatham · Putty
Published
2005-02-21
·
Updated
2017-07-11
·
CVE-2005-0467
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
PuTTY versions prior to 0.56
Description
The issue is caused by multiple integer overflows in the
sftp pkt getstring and fxp readdir recv functions in the PSFTP and PSCP clients. This allows remote malicious web sites to execute arbitrary code via SFTP responses that corrupt the heap after insufficient memory has been allocated.Recommendations
For versions prior to 0.56, update to a version that contains a fix for this issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Putty