Integer signedness error in the ssh2_rdpkt function in PuTTY prior to 0.56 allows remote malicious users to execute arbitrary code via a SSH2_MSG_DEBUG packet with a modified stringlen parameter, which leads to a buffer overflow.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
putty putty 0.49 |
||
putty putty 0.50 |
||
putty putty 0.51 |
||
putty putty 0.53b |
||
putty putty 0.54 |
||
putty putty 0.52 |
||
putty putty 0.53 |
||
putty putty 0.48 |
||
putty putty 0.55 |
||
tortoisecvs tortoisecvs 1.8 |