PT-2017-17144 · Simon Tatham+1 · Putty+1

Tim Kosse

Published

2017-02-23

Updated

2024-06-15

CVE-2017-6542

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions PuTTY versions prior to 0.68

Description The issue allows remote attackers to have an unspecified impact via a large length value in an agent protocol message. This is achieved by leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which triggers a buffer overflow.

Recommendations For versions prior to 0.68, update to version 0.68 or later to resolve the issue.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2017-1204

CVE-2017-6542

MGASA-2017-0093

OPENSUSE-SU-2024:11201-1

Affected Products

Alt Linux

Putty

PT-2017-17144 · Simon Tatham+1 · Putty+1

CVE-2017-6542

Weakness Enumeration

Related Identifiers

Affected Products

References · 26