CVE-2005-0467 — Putty vulnerability

6 documents5 sources

Severity

7.5HIGHNVD

EPSS

2.0%

top 16.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Putty Debian Putty

Timeline

PublishedFeb 21

Latest updateMay 1

Description

Multiple integer overflows in the (1) sftp_pkt_getstring and (2) fxp_readdir_recv functions in the PSFTP and PSCP clients for PuTTY 0.56, and possibly earlier versions, allow remote malicious web sites to execute arbitrary code via SFTP responses that corrupt the heap after insufficient memory has been allocated.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/putty< putty 0.57-1 (bookworm)

▶Debianputty/putty< 0.57-1+3

▶NVDputty/putty0.56

Patches

Patch: secunia.com ↗Patch: www.gentoo.org ↗Patch: www.idefense.com ↗

🔴Vulnerability Details

GHSA

GHSA-cmv8-452f-24ph: Multiple integer overflows in the (1) sftp_pkt_getstring and (2) fxp_readdir_recv functions in the PSFTP and PSCP clients for PuTTY 0↗2022-05-01

▶

OSV

CVE-2005-0467: Multiple integer overflows in the (1) sftp_pkt_getstring and (2) fxp_readdir_recv functions in the PSFTP and PSCP clients for PuTTY 0↗2005-02-21

▶

📋Vendor Advisories

Debian

CVE-2005-0467: putty - Multiple integer overflows in the (1) sftp_pkt_getstring and (2) fxp_readdir_rec...↗2005

▶

🕵️Threat Intelligence

Tenable

Three Types of Client-side Exploits↗2012-02-28

▶

Tenable

Three Types of Client-side Exploits↗2012-02-28

▶