Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-6542

CWE-119 — Buffer Overflow10 documents7 sources

Severity

9.8CRITICAL

EPSS

22.2%

top 4.20%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Putty Putty Opensuse Leap Opensuse Project Leap

Timeline

PublishedMar 27

Latest updateMay 14

Description

The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overflow.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶Debianputty< 0.67-3+3

▶NVDputty/putty0.67

▶NVDopensuse/leap42.2

▶NVDopensuse_project/leap42.1

Patches

Patch: www.chiark.greenend.org.uk ↗Patch: www.chiark.greenend.org.uk ↗

🔴Vulnerability Details

GHSA

GHSA-6q3h-v425-7xx2: The ssh_agent_channel_data function in PuTTY before 0↗2022-05-14

▶

OSV

CVE-2017-6542: The ssh_agent_channel_data function in PuTTY before 0↗2017-03-27

▶

CVEList

CVE-2017-6542: The ssh_agent_channel_data function in PuTTY before 0↗2017-03-27

▶

💥Exploits & PoCs

Exploit-DB

PuTTY < 0.68 - 'ssh_agent_channel_data' Integer Overflow Heap Corruption↗2017-06-07

▶

📋Vendor Advisories

Debian

CVE-2017-6542: putty - The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers...↗2017

▶

💬Community

Bugzilla

CVE-2017-6542 putty: Integer overflow in the ssh_agent_channel_data↗2017-03-13

▶

Bugzilla

CVE-2017-6542 putty: Integer overflow in the ssh_agent_channel_data [epel-6]↗2017-03-13

▶

Bugzilla

CVE-2017-6542 putty: Integer overflow in the ssh_agent_channel_data [fedora-all]↗2017-03-13

▶

Bugzilla

CVE-2017-6542 putty: Integer overflow in the ssh_agent_channel_data [epel-5]↗2017-03-13

▶