CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 1CVE-2016-2563 – Putty pscp 0.66 - Stack Buffer Overwrite
https://notcve.org/view.php?id=CVE-2016-2563
Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute arbitrary code via a crafted SCP-SINK file-size response to an SCP download request. Desbordamiento de buffer basado en pila en la utilidad comando-línea de SCP en PuTTY en versiones anteriores a 0.67 y KiTTY 0.66.6.3 y versiones anteriores permite a servidores remotos causar una denegación de servicio (corrupción de memoria de pila) o ejecutar código arbitrario a través de una respuesta de tamño de archivo SCP-SINK a una petición de descarga SCP. • https://www.exploit-db.com/exploits/39551 http://lists.opensuse.org/opensuse-updates/2016-05/msg00131.html http://seclists.org/fulldisclosure/2016/Mar/22 http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-pscp-sink-sscanf.html http://www.securityfocus.com/bid/84296 http://www.securitytracker.com/id/1035257 https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-2563 https://security.gentoo.org/glsa/201606-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 2%CPEs: 4EXPL: 0CVE-2015-5309
https://notcve.org/view.php?id=CVE-2015-5309
Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an ECH (erase characters) escape sequence with a large parameter value, which triggers a buffer underflow. Desbordamiento de entero en el emulador de terminal en PuTTY en versiones anteriores a 0.66 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) o posiblemente ejecutar código arbitrario a través de una secuencia de escape ECH (borrar caracteres) con un valor de parámetro grande, que desencadena un desbordamiento inferior de buffer. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173021.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173094.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00099.html http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html http://www.debian.org/security/2015/dsa-3409 http://www.securitytracker.com/id/1034308 https://security.gentoo.org/glsa/201606-01 • CWE-189: Numeric Errors •
CVSS: 2.1EPSS: 0%CPEs: 19EXPL: 0CVE-2015-2157
https://notcve.org/view.php?id=CVE-2015-2157
The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory. Las funciones (1) ssh2_load_userkey y (2) ssh2_save_userkey en PuTTY 0.51 hasta 0.63 no limpian correctamente las claves privadas SSH-2 de la memoria, lo que permite a usuarios remotos obtener información sensible mediante la lectura de la memoria. • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151790.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151839.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151933.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00032.html http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html http://www.debian.org/security/2015/dsa& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.1EPSS: 0%CPEs: 19EXPL: 0CVE-2013-4208
https://notcve.org/view.php?id=CVE-2013-4208
The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow local users to discover private RSA and DSA keys. La función rsa_verify en PuTTY anterior a 0.63 (1) no limpia de memoria los procesos sensibles después de usarlos y (2)no libera determinadas estructuras que contienen procesos sensibles, lo que podría permitir a usuarios locales descubrir claves privadas RSA y DSA. • http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html http://secunia.com/advisories/54379 http://secunia.com/advisories/54533 http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped.html http://www.debian.org/security/2013/dsa-2736 http://www.openwall.com/lists/oss-security/2013/08/06/11 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 1%CPEs: 20EXPL: 0CVE-2013-4206
https://notcve.org/view.php?id=CVE-2013-4206
Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) and possibly trigger memory corruption or code execution via a crafted DSA signature, which is not properly handled when performing certain bit-shifting operations during modular multiplication. Desbordamiento de búfer basado en memoria dinámica en la función modmul en sshbn.c en PuTTY 0.62 y anteriores, permite a servidores SSH remotos provocar una denegación de servicio (caída) y posiblemente causar una corrupción de memoria o ejecución de código a través de una firma DSA manipulada que no es manejada adecuadamente cuando se realizan determinadas operaciones de bit-shifting durante una multiplicación modular. • http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html http://secunia.com/advisories/54379 http://secunia.com/advisories/54533 http://svn.tartarus.org/sgt/putty/sshbn.c?sortby=date&r1=9977&r2=9976&pathrev=9977 http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-modmul.html http://www.debian.org/security/2013/dsa-2736 http://www.openwall.com/lists/oss-security/2013/08/06/11 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •