PT-2015-6845 · Simon Tatham+1 · Putty+1

Published

2015-11-10

Updated

2024-06-15

CVE-2015-5309

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions PuTTY versions prior to 0.66

Description The issue is related to an integer overflow in the terminal emulator, which can be triggered by a remote attacker using an ECH (erase characters) escape sequence with a large parameter value. This can cause a denial of service due to memory corruption or potentially allow the execution of arbitrary code.

Recommendations For versions prior to 0.66, update to version 0.66 or later to resolve the issue. As a temporary workaround, consider restricting access to the terminal emulator until the update is applied.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-189

Related Identifiers

ALT-PU-2015-1970

CVE-2015-5309

DLA-347-1

DSA-3409-1

MGASA-2015-0442

OPENSUSE-SU-2024:10374-1

Affected Products

Alt Linux

Putty

PT-2015-6845 · Simon Tatham+1 · Putty+1

CVE-2015-5309

Weakness Enumeration

Related Identifiers

Affected Products

References · 29