CVE-2013-4852

Severity

68%

Complexity

86%

Confidentiality

106%

Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.

Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).

Overview

First reported 11 years ago

2013-08-19 23:55:00

Last updated 5 years ago

2019-03-21 17:04:00

Affected Software

Winscp 3.7.6

3.7.6

Winscp 3.8.2

3.8.2

Winscp 3.8 Beta

3.8_beta

Winscp 4.0.4

4.0.4

Winscp 4.0.5

4.0.5

Winscp 4.2.6

4.2.6

Winscp 4.2.7

4.2.7

Winscp 4.2.8

4.2.8

Winscp 4.2.9

4.2.9

Winscp 4.3.2

4.3.2

Winscp 4.3.4

4.3.4

Winscp 4.3.5

4.3.5

WinSCP 4.3.6

4.3.6

WinSCP 4.3.7

4.3.7

WinSCP 4.3.8

4.3.8

WinSCP 4.3.9

4.3.9

WinSCP 4.4.0

4.4.0

WinSCP 5.0 beta

5.0

WinSCP 5.0.1 beta

5.0.1

WinSCP 5.0.2 beta

5.0.2

WinSCP 5.0.3 beta

5.0.3

WinSCP 5.0.4 beta

5.0.4

WinSCP 5.0.5 beta

5.0.5

WinSCP 5.0.6 beta

5.0.6

WinSCP 5.0.7 beta

5.0.7

WinSCP 5.0.8 release candidate

5.0.8

WinSCP 5.0.9 release candidate

5.0.9

WinSCP 5.1

5.1

WinSCP 5.1.1

5.1.1

WinSCP 5.1.2

5.1.2

WinSCP 5.1.3

5.1.3

WinSCP 5.1.4

5.1.4

Debian GNU/Linux 6.0

6.0

Debian Linux 7.0

7.0

Debian Linux 7.1

7.1

OpenSUSE 12.3

12.3

PuTTY 0.45

0.45

PuTTY 0.46

0.46

PuTTY 0.47

0.47

PuTTY 0.48

0.48

PuTTY 0.49

0.49

PuTTY 0.50

0.50

PuTTY 0.51

0.51

PuTTY 0.52

0.52

PuTTY 0.53b

0.53b

PuTTY 0.54

0.54

PuTTY 0.55

0.55

PuTTY 0.56

0.56

PuTTY 0.57

0.57

PuTTY 0.58

0.58

PuTTY 0.59

0.59

PuTTY 0.60

0.60

PuTTY 0.61

0.61

PuTTY 0.53

0.53

PuTTY

Simon Tatham Putty R8967 Development Snapshot 2010-06-01

2010-06-01

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718779

openSUSE-SU-2013:1347

openSUSE-SU-2013:1355

54379

Vendor Advisory

54517

54533

http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9896

http://winscp.net/tracker/show_bug.cgi?id=1017

http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-signature-stringlen.html

Vendor Advisory

DSA-2736

http://www.search-lab.hu/advisories/secadv-20130722

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.