ALT-PU-2016-1194-1
Closed vulnerabilities
Published: 2016-04-08
Modified: 2024-11-21
CVE-2016-2563
Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute arbitrary code via a crafted SCP-SINK file-size response to an SCP download request.
Severity: CRITICAL (9.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- openSUSE-SU-2016:1453
- 20160309 CVE-2016-2563 - PuTTY/PSCP <=0.66 buffer overflow - vuln-pscp-sink-sscanf
- http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-pscp-sink-sscanf.html
- 84296
- 1035257
- https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-2563
- GLSA-201606-01