CVE-2015-5309

Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an ECH (erase characters) escape sequence with a large parameter value, which triggers a buffer underflow.

Published : 2015-12-07 20:59 Updated : 2018-10-30 16:27

4.3
CVSS Score More info
Score 4.3 / 10
4.3
Vendor Product Version URI
Simon Tatham Putty 0.65 cpe:/a:simon_tatham:putty:0.65
Opensuse Leap 42.1 cpe:/o:opensuse:leap:42.1
Opensuse Opensuse 13.1 cpe:/o:opensuse:opensuse:13.1
Opensuse Opensuse 13.2 cpe:/o:opensuse:opensuse:13.2
  1. Simon Tatham (1) Search CVE
    1. Putty (1) Search CVE
      1. 0.65
  2. Opensuse (2) Search CVE
    1. Leap (1) Search CVE
      1. 42.1
    2. Opensuse (2) Search CVE
      1. 13.1
      2. 13.2

CWE

ID Name Description Links
CWE-189 Numeric Errors Weaknesses in this category are related to improper calculation or conversion of numbers. CVE

History of changes

Date Event
2018-10-30 16:27
2017-09-13 05:28
2015-12-07 20:59

New CVE