CVE-2013-4852 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Tatham Putty
Severity
6.8 MEDIUM (NVD)
EPSS
1.8%
top 17.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Aug 19
Latest update: May 13
Description
Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.
CVSS vector
AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4
Affected Packages: 6 packages
Also affects: Debian Linux 6.0, 7.0, 7.1
Vulnerability Details (3)
Vendor Advisories (1)
Debian: CVE-2013-4852: filezilla - Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other produ... (2013)
Community (5)
Bugzilla: CVE-2013-4852 filezilla: putty: Integer overflow, leading to heap-based buffer overflow during SSH handshake [fedora-all] (2013-08-05)
Bugzilla: CVE-2013-4852 putty: Integer overflow, leading to heap-based buffer overflow during SSH handshake [fedora-all] (2013-08-05)
Bugzilla: CVE-2013-4852 putty: Integer overflow, leading to heap-based buffer overflow during SSH handshake [epel-all] (2013-08-05)
Bugzilla: CVE-2013-4852 filezilla: putty: Integer overflow, leading to heap-based buffer overflow during SSH handshake [epel-6] (2013-08-05)
Bugzilla: CVE-2013-4206 CVE-2013-4207 CVE-2013-4208 CVE-2013-4852 putty: Integer overflow, leading to heap-based buffer overflow during SSH handshake (2013-08-05)