Vulnerability in Putty
CVE-2013-4852
Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY vi…
EPSS: 0.018 (82.9th percentile) — read the EPSS interpretation.
Affected products
- Putty — versions 0.45, 0.46, 0.47
- Simon_tatham Putty — versions 0.53
- Winscp — versions 3.7.6, 3.8.2, 3.8_beta
- Debian Debian_linux — versions 6.0, 7.0, 7.1
- Opensuse — versions 12.3
- N/a — versions n/a
Weakness classification (CWE)
References
- 54533 (x_refsource_SECUNIA, third-party-advisory)
- 54517 (x_refsource_SECUNIA, third-party-advisory)
- cve@mitre.org (x_refsource_MISC)
- cve@mitre.org (x_refsource_CONFIRM)
- cve@mitre.org (x_refsource_MISC)
- DSA-2736 (vendor-advisory, x_refsource_DEBIAN)
- cve@mitre.org (x_refsource_MISC)
- openSUSE-SU-2013:1347 (vendor-advisory, x_refsource_SUSE)
- 54379 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)