CVE-2013-4852

Severity Score

6.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.

Desbordamiento de entero en PuTTY 0.62 y anteriores, WinSCP anterior a 5.1.6, y otros productos que usan PuTTY, permite a servidores SSH remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario en determinadas aplicaciones que utilizan PuTTY a través de un tamaño negativo en el valor de la firma en la clave RSA durante el handshake SSH, que provoca un desbordamiento basado en memoria dinámica.

*Credits: N/A

CVSS Scores

NISTv2 6.8

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-07-16 CVE Reserved
2013-08-06 CVE Published
2024-08-06 CVE Updated
2024-09-12 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-189: Numeric Errors

CAPEC

References (11)

URL	Tag	Source
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718779	X_refsource_confirm
http://secunia.com/advisories/54517	Third Party Advisory
http://secunia.com/advisories/54533	Third Party Advisory
http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9896	X_refsource_misc
http://winscp.net/tracker/show_bug.cgi?id=1017	X_refsource_misc
http://www.search-lab.hu/advisories/secadv-20130722	X_refsource_misc

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html	2021-08-06
http://lists.opensuse.org/opensuse-updates/2013-08/msg00041.html	2021-08-06
http://secunia.com/advisories/54379	2021-08-06
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-signature-stringlen.html	2021-08-06
http://www.debian.org/security/2013/dsa-2736	2021-08-06

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Winscp Search vendor "Winscp"		Winscp Search vendor "Winscp" for product "Winscp"				<= 5.1.5 Search vendor "Winscp" for product "Winscp" and version " <= 5.1.5"		-		Affected
Winscp Search vendor "Winscp"		Winscp Search vendor "Winscp" for product "Winscp"				3.7.6 Search vendor "Winscp" for product "Winscp" and version "3.7.6"		-		Affected
Winscp Search vendor "Winscp"		Winscp Search vendor "Winscp" for product "Winscp"				3.8.2 Search vendor "Winscp" for product "Winscp" and version "3.8.2"		-		Affected
Winscp Search vendor "Winscp"		Winscp Search vendor "Winscp" for product "Winscp"				3.8_beta Search vendor "Winscp" for product "Winscp" and version "3.8_beta"		-		Affected
Winscp Search vendor "Winscp"		Winscp Search vendor "Winscp" for product "Winscp"				4.0.4 Search vendor "Winscp" for product "Winscp" and version "4.0.4"		-		Affected
Winscp Search vendor "Winscp"		Winscp Search vendor "Winscp" for product "Winscp"				4.0.5 Search vendor "Winscp" for product "Winscp" and version "4.0.5"		-		Affected
Winscp Search vendor "Winscp"		Winscp Search vendor "Winscp" for product "Winscp"				4.2.6 Search vendor "Winscp" for product "Winscp" and version "4.2.6"		-		Affected
Winscp Search vendor "Winscp"		Winscp Search vendor "Winscp" for product "Winscp"				4.2.7 Search vendor "Winscp" for product "Winscp" and version "4.2.7"		-		Affected
Winscp Search vendor "Winscp"		Winscp Search vendor "Winscp" for product "Winscp"				4.2.8 Search vendor "Winscp" for product "Winscp" and version "4.2.8"		-		Affected
Winscp Search vendor "Winscp"		Winscp Search vendor "Winscp" for product "Winscp"				4.2.9 Search vendor "Winscp" for product "Winscp" and version "4.2.9"		-		Affected
Winscp Search vendor "Winscp"		Winscp Search vendor "Winscp" for product "Winscp"				4.3.2 Search vendor "Winscp" for product "Winscp" and version "4.3.2"		-		Affected
Winscp Search vendor "Winscp"		Winscp Search vendor "Winscp" for product "Winscp"				4.3.4 Search vendor "Winscp" for product "Winscp" and version "4.3.4"		-		Affected
Winscp Search vendor "Winscp"		Winscp Search vendor "Winscp" for product "Winscp"				4.3.5 Search vendor "Winscp" for product "Winscp" and version "4.3.5"		-		Affected
Winscp Search vendor "Winscp"		Winscp Search vendor "Winscp" for product "Winscp"				4.3.6 Search vendor "Winscp" for product "Winscp" and version "4.3.6"		-		Affected
Winscp Search vendor "Winscp"		Winscp Search vendor "Winscp" for product "Winscp"				4.3.7 Search vendor "Winscp" for product "Winscp" and version "4.3.7"		-		Affected
Winscp Search vendor "Winscp"		Winscp Search vendor "Winscp" for product "Winscp"				4.3.8 Search vendor "Winscp" for product "Winscp" and version "4.3.8"		-		Affected
Winscp Search vendor "Winscp"		Winscp Search vendor "Winscp" for product "Winscp"				4.3.9 Search vendor "Winscp" for product "Winscp" and version "4.3.9"		-		Affected
Winscp Search vendor "Winscp"		Winscp Search vendor "Winscp" for product "Winscp"				4.4.0 Search vendor "Winscp" for product "Winscp" and version "4.4.0"		-		Affected
Winscp Search vendor "Winscp"		Winscp Search vendor "Winscp" for product "Winscp"				5.0 Search vendor "Winscp" for product "Winscp" and version "5.0"		beta		Affected
Winscp Search vendor "Winscp"		Winscp Search vendor "Winscp" for product "Winscp"				5.0.1 Search vendor "Winscp" for product "Winscp" and version "5.0.1"		beta		Affected
Winscp Search vendor "Winscp"		Winscp Search vendor "Winscp" for product "Winscp"				5.0.2 Search vendor "Winscp" for product "Winscp" and version "5.0.2"		beta		Affected
Winscp Search vendor "Winscp"		Winscp Search vendor "Winscp" for product "Winscp"				5.0.3 Search vendor "Winscp" for product "Winscp" and version "5.0.3"		beta		Affected
Winscp Search vendor "Winscp"		Winscp Search vendor "Winscp" for product "Winscp"				5.0.4 Search vendor "Winscp" for product "Winscp" and version "5.0.4"		beta		Affected
Winscp Search vendor "Winscp"		Winscp Search vendor "Winscp" for product "Winscp"				5.0.5 Search vendor "Winscp" for product "Winscp" and version "5.0.5"		beta		Affected
Winscp Search vendor "Winscp"		Winscp Search vendor "Winscp" for product "Winscp"				5.0.6 Search vendor "Winscp" for product "Winscp" and version "5.0.6"		beta		Affected
Winscp Search vendor "Winscp"		Winscp Search vendor "Winscp" for product "Winscp"				5.0.7 Search vendor "Winscp" for product "Winscp" and version "5.0.7"		beta		Affected
Winscp Search vendor "Winscp"		Winscp Search vendor "Winscp" for product "Winscp"				5.0.8 Search vendor "Winscp" for product "Winscp" and version "5.0.8"		rc		Affected
Winscp Search vendor "Winscp"		Winscp Search vendor "Winscp" for product "Winscp"				5.0.9 Search vendor "Winscp" for product "Winscp" and version "5.0.9"		rc		Affected
Winscp Search vendor "Winscp"		Winscp Search vendor "Winscp" for product "Winscp"				5.1 Search vendor "Winscp" for product "Winscp" and version "5.1"		-		Affected
Winscp Search vendor "Winscp"		Winscp Search vendor "Winscp" for product "Winscp"				5.1.1 Search vendor "Winscp" for product "Winscp" and version "5.1.1"		-		Affected
Winscp Search vendor "Winscp"		Winscp Search vendor "Winscp" for product "Winscp"				5.1.2 Search vendor "Winscp" for product "Winscp" and version "5.1.2"		-		Affected
Winscp Search vendor "Winscp"		Winscp Search vendor "Winscp" for product "Winscp"				5.1.3 Search vendor "Winscp" for product "Winscp" and version "5.1.3"		-		Affected
Winscp Search vendor "Winscp"		Winscp Search vendor "Winscp" for product "Winscp"				5.1.4 Search vendor "Winscp" for product "Winscp" and version "5.1.4"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				6.0 Search vendor "Debian" for product "Debian Linux" and version "6.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				7.1 Search vendor "Debian" for product "Debian Linux" and version "7.1"		-		Affected
Opensuse Search vendor "Opensuse"		Opensuse Search vendor "Opensuse" for product "Opensuse"				12.3 Search vendor "Opensuse" for product "Opensuse" and version "12.3"		-		Affected
Putty Search vendor "Putty"		Putty Search vendor "Putty" for product "Putty"				0.45 Search vendor "Putty" for product "Putty" and version "0.45"		-		Affected
Putty Search vendor "Putty"		Putty Search vendor "Putty" for product "Putty"				0.46 Search vendor "Putty" for product "Putty" and version "0.46"		-		Affected
Putty Search vendor "Putty"		Putty Search vendor "Putty" for product "Putty"				0.47 Search vendor "Putty" for product "Putty" and version "0.47"		-		Affected
Putty Search vendor "Putty"		Putty Search vendor "Putty" for product "Putty"				0.48 Search vendor "Putty" for product "Putty" and version "0.48"		-		Affected
Putty Search vendor "Putty"		Putty Search vendor "Putty" for product "Putty"				0.49 Search vendor "Putty" for product "Putty" and version "0.49"		-		Affected
Putty Search vendor "Putty"		Putty Search vendor "Putty" for product "Putty"				0.50 Search vendor "Putty" for product "Putty" and version "0.50"		-		Affected
Putty Search vendor "Putty"		Putty Search vendor "Putty" for product "Putty"				0.51 Search vendor "Putty" for product "Putty" and version "0.51"		-		Affected
Putty Search vendor "Putty"		Putty Search vendor "Putty" for product "Putty"				0.52 Search vendor "Putty" for product "Putty" and version "0.52"		-		Affected
Putty Search vendor "Putty"		Putty Search vendor "Putty" for product "Putty"				0.53b Search vendor "Putty" for product "Putty" and version "0.53b"		-		Affected
Putty Search vendor "Putty"		Putty Search vendor "Putty" for product "Putty"				0.54 Search vendor "Putty" for product "Putty" and version "0.54"		-		Affected
Putty Search vendor "Putty"		Putty Search vendor "Putty" for product "Putty"				0.55 Search vendor "Putty" for product "Putty" and version "0.55"		-		Affected
Putty Search vendor "Putty"		Putty Search vendor "Putty" for product "Putty"				0.56 Search vendor "Putty" for product "Putty" and version "0.56"		-		Affected
Putty Search vendor "Putty"		Putty Search vendor "Putty" for product "Putty"				0.57 Search vendor "Putty" for product "Putty" and version "0.57"		-		Affected
Putty Search vendor "Putty"		Putty Search vendor "Putty" for product "Putty"				0.58 Search vendor "Putty" for product "Putty" and version "0.58"		-		Affected
Putty Search vendor "Putty"		Putty Search vendor "Putty" for product "Putty"				0.59 Search vendor "Putty" for product "Putty" and version "0.59"		-		Affected
Putty Search vendor "Putty"		Putty Search vendor "Putty" for product "Putty"				0.60 Search vendor "Putty" for product "Putty" and version "0.60"		-		Affected
Putty Search vendor "Putty"		Putty Search vendor "Putty" for product "Putty"				0.61 Search vendor "Putty" for product "Putty" and version "0.61"		-		Affected
Putty Search vendor "Putty"		Putty Search vendor "Putty" for product "Putty"				2010-06-01 Search vendor "Putty" for product "Putty" and version "2010-06-01"		r8967, development_snapshot		Affected
Simon Tatham Search vendor "Simon Tatham"		Putty Search vendor "Simon Tatham" for product "Putty"				<= 0.62 Search vendor "Simon Tatham" for product "Putty" and version " <= 0.62"		-		Affected
Simon Tatham Search vendor "Simon Tatham"		Putty Search vendor "Simon Tatham" for product "Putty"				0.53 Search vendor "Simon Tatham" for product "Putty" and version "0.53"		-		Affected