Published: 07/04/2016 Updated: 03/12/2016

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Stack-based buffer overflow in the SCP command-line utility in PuTTY prior to 0.67 and KiTTY 0.66.6.3 and previous versions allows remote servers to cause a denial of service (stack memory corruption) or execute arbitrary code via a crafted SCP-SINK file-size response to an SCP download request.

Vulnerable Product	Search on Vulmon	Subscribe to Product
9bis kitty
simon tatham putty

Debian Bug report logs - #816921 putty: CVE-2016-2563: buffer overrun in the old-style SCP protocol Package: src:putty; Maintainer for src:putty is Colin Watson <cjwatson@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 6 Mar 2016 18:12:02 UTC Severity: important Tags: fixed-upstream, pa ...

Source: githubcom/tintinweb/pub/tree/master/pocs/cve-2016-2563 Author: <githubcom/tintinweb> Date: Feb 20th, 2016 Name: putty Vendor: sgtatham - wwwchiarkgreenendorguk/~sgtatham/putty/ Version: 059 [3] (~9 years ago) <= affected <= 066 Platform(s): win/nix Technology: c Vuln ...

CWE-119 https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-2563 http://seclists.org/fulldisclosure/2016/Mar/22 http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-pscp-sink-sscanf.html https://security.gentoo.org/glsa/201606-01 http://www.securityfocus.com/bid/84296 http://lists.opensuse.org/opensuse-updates/2016-05/msg00131.html http://www.securitytracker.com/id/1035257 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816921 https://nvd.nist.gov https://www.exploit-db.com/exploits/39551/

CVE-2016-2563

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect