CVE-2013-4852

Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.

Published: 2013-08-19 23:55
Updated: 2019-03-21 17:04

CVSS Score: 6.8 / 10
Vendor Product Version URI
Putty Putty 0.45 cpe:/a:putty:putty:0.45
Putty Putty 0.46 cpe:/a:putty:putty:0.46
Putty Putty 0.47 cpe:/a:putty:putty:0.47
Putty Putty 0.48 cpe:/a:putty:putty:0.48
Putty Putty 0.49 cpe:/a:putty:putty:0.49
Putty Putty 0.50 cpe:/a:putty:putty:0.50
Putty Putty 0.51 cpe:/a:putty:putty:0.51
Putty Putty 0.52 cpe:/a:putty:putty:0.52
Putty Putty 0.53b cpe:/a:putty:putty:0.53b
Putty Putty 0.54 cpe:/a:putty:putty:0.54
Putty Putty 0.55 cpe:/a:putty:putty:0.55
Putty Putty 0.56 cpe:/a:putty:putty:0.56
Putty Putty 0.57 cpe:/a:putty:putty:0.57
Putty Putty 0.58 cpe:/a:putty:putty:0.58
Putty Putty 0.59 cpe:/a:putty:putty:0.59
Putty Putty 0.60 cpe:/a:putty:putty:0.60
Putty Putty 0.61 cpe:/a:putty:putty:0.61
Winscp Winscp 5.0.4 cpe:/a:winscp:winscp:5.0.4:beta
Winscp Winscp 5.0.3 cpe:/a:winscp:winscp:5.0.3:beta
Winscp Winscp 5.0.6 cpe:/a:winscp:winscp:5.0.6:beta
Winscp Winscp 5.0.5 cpe:/a:winscp:winscp:5.0.5:beta
Winscp Winscp 5.0 cpe:/a:winscp:winscp:5.0:beta
Winscp Winscp 5.0.2 cpe:/a:winscp:winscp:5.0.2:beta
Winscp Winscp 5.0.1 cpe:/a:winscp:winscp:5.0.1:beta
Winscp Winscp 4.2.7 cpe:/a:winscp:winscp:4.2.7
Winscp Winscp 4.2.6 cpe:/a:winscp:winscp:4.2.6
Winscp Winscp 4.2.9 cpe:/a:winscp:winscp:4.2.9
Winscp Winscp 4.2.8 cpe:/a:winscp:winscp:4.2.8
Simon Tatham Putty 0.62 cpe:/a:simon_tatham:putty:0.62
Debian Debian Linux 6.0 cpe:/o:debian:debian_linux:6.0
Winscp Winscp 5.0.7 cpe:/a:winscp:winscp:5.0.7:beta
Winscp Winscp 4.0.5 cpe:/a:winscp:winscp:4.0.5
Winscp Winscp 4.4.0 cpe:/a:winscp:winscp:4.4.0
Winscp Winscp 4.0.4 cpe:/a:winscp:winscp:4.0.4
Winscp Winscp 3.8.2 cpe:/a:winscp:winscp:3.8.2
Winscp Winscp 5.0.9 cpe:/a:winscp:winscp:5.0.9:rc
Winscp Winscp 5.1 cpe:/a:winscp:winscp:5.1
Winscp Winscp 5.0.8 cpe:/a:winscp:winscp:5.0.8:rc
Winscp Winscp 4.3.6 cpe:/a:winscp:winscp:4.3.6
Winscp Winscp 4.3.5 cpe:/a:winscp:winscp:4.3.5
Winscp Winscp 4.3.8 cpe:/a:winscp:winscp:4.3.8
Winscp Winscp 4.3.7 cpe:/a:winscp:winscp:4.3.7
Winscp Winscp 4.3.9 cpe:/a:winscp:winscp:4.3.9
Debian Debian Linux 7.1 cpe:/o:debian:debian_linux:7.1
Debian Debian Linux 7.0 cpe:/o:debian:debian_linux:7.0
Winscp Winscp 3.8_beta cpe:/a:winscp:winscp:3.8_beta
Winscp Winscp 4.3.2 cpe:/a:winscp:winscp:4.3.2
Winscp Winscp 5.1.4 cpe:/a:winscp:winscp:5.1.4
Winscp Winscp 4.3.4 cpe:/a:winscp:winscp:4.3.4
Winscp Winscp 3.7.6 cpe:/a:winscp:winscp:3.7.6
Winscp Winscp 5.1.2 cpe:/a:winscp:winscp:5.1.2
Winscp Winscp 5.1.5 cpe:/a:winscp:winscp:5.1.5
Simon Tatham Putty 0.53 cpe:/a:simon_tatham:putty:0.53
Simon Tatham Putty 2010-06-01 cpe:/a:simon_tatham:putty:2010-06-01:r8967:~~development_snapshot~~~
Winscp Winscp 5.1.3 cpe:/a:winscp:winscp:5.1.3
Winscp Winscp 5.1.1 cpe:/a:winscp:winscp:5.1.1
Opensuse Opensuse 12.3 cpe:/o:opensuse:opensuse:12.3
  1. Winscp (1)
    1. Winscp (33)
      1. 5.0.4
      2. 5.0.3
      3. 5.0.6
      4. 5.0.5
      5. 5.0
      6. 5.0.2
      7. 5.0.1
      8. 4.2.7
      9. 4.2.6
      10. 4.2.9
      11. 4.2.8
      12. 5.0.7
      13. 4.0.5
      14. 4.4.0
      15. 4.0.4
      16. 3.8.2
      17. 5.0.9
      18. 5.1
      19. 5.0.8
      20. 4.3.6
      21. 4.3.5
      22. 4.3.8
      23. 4.3.7
      24. 4.3.9
      25. 3.8_beta
      26. 4.3.2
      27. 5.1.4
      28. 4.3.4
      29. 3.7.6
      30. 5.1.2
      31. 5.1.5
      32. 5.1.3
      33. 5.1.1
  2. Simon Tatham (1)
    1. Putty (3)
      1. 0.62
      2. 0.53
      3. 2010-06-01
  3. Opensuse (1)
    1. Opensuse (1)
      1. 12.3
  4. Putty (1)
    1. Putty (17)
      1. 0.45
      2. 0.46
      3. 0.47
      4. 0.48
      5. 0.49
      6. 0.50
      7. 0.51
      8. 0.52
      9. 0.53b
      10. 0.54
      11. 0.55
      12. 0.56
      13. 0.57
      14. 0.58
      15. 0.59
      16. 0.60
      17. 0.61
  5. Debian (1)
    1. Debian Linux (3)
      1. 6.0
      2. 7.1
      3. 7.0

CWE

ID Name Description Links
CWE-189 Numeric Errors Weaknesses in this category are related to improper calculation or conversion of numbers. CVE

History of changes

Date Event
2019-03-21 17:04
2018-10-30 16:27
2013-08-19 23:55

New CVE