Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2017-6542

Published: 27/03/2017 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Putty

Vulnerability Summary

The ssh_agent_channel_data function in PuTTY prior to 0.68 allows remote malicious users to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overflow.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

putty putty

opensuse project leap 42.1

opensuse leap 42.2

Vendor Advisories

Debian CVElist Bug Report Logs: putty: CVE-2017-6542: integer overflow permits memory overwrite by forwarded ssh-agent connections
Debian Bug report logs - #857642 putty: CVE-2017-6542: integer overflow permits memory overwrite by forwarded ssh-agent connections Package: src:putty; Maintainer for src:putty is Colin Watson <cjwatson@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 13 Mar 2017 16:30:04 UTC Severity: gr ...

Exploits

Exploit DB: PuTTY < 0.68 - 'ssh_agent_channel_data' Integer Overflow Heap Corruption
Source: wwwchiarkgreenendorguk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflowhtml summary: Vulnerability: integer overflow permits memory overwrite by forwarded ssh-agent connections class: vulnerability: This is a security vulnerability difficulty: fun: Just needs tuits, and not many of them priority: high: This should be fixed i ...
Exploit DB: PuTTY ssh_agent_channel_data Integer Overflow
PuTTY versions prior to 068 suffer from an ssh_agent_channel_data integer overflow heap corruption vulnerability ...

References

CWE-119https://security.gentoo.org/glsa/201703-03http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.htmlhttp://lists.opensuse.org/opensuse-updates/2017-03/msg00055.htmlhttp://www.securityfocus.com/bid/97156https://security.gentoo.org/glsa/201706-09http://www.securitytracker.com/id/1038067https://www.exploit-db.com/exploits/42137/https://git.tartarus.org/?p=simon/putty.git%3Ba=commitdiff%3Bh=4ff22863d895cb7ebfced4cf923a012a614adaa8https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857642https://nvd.nist.govhttps://www.exploit-db.com/exploits/42137/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32744privilege escalationCVE-2024-30253CVE-2024-3914cross-site scriptingCVE-2024-31497CVE-2024-3400CVE-2024-32341hardcoded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook