Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote malicious users to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
cisco ios 12.1t |
||
cisco ios 12.2 |
||
cisco ios 12.0s |
||
cisco ios 12.0st |
||
cisco ios 12.2s |
||
cisco ios 12.2t |
||
cisco ios 12.1e |
||
cisco ios 12.1ea |
||
pragma_systems secureshell 2.0 |
||
putty putty 0.48 |
||
fissh ssh_client 1.0a_for_windows |
||
putty putty 0.49 |
||
putty putty 0.53 |
||
winscp winscp 2.0.0 |
||
intersoft securenetterm 5.4.1 |
||
netcomposite shellguard_ssh 3.4.6 |
Vulmon