CVE-2016-2563

Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute arbitrary code via a crafted SCP-SINK file-size response to an SCP download request.

Published: 2016-04-07 23:59
Updated: 2016-12-03 03:25

CVSS Score: 7.5 / 10
Vendor | Product | Version | URI
9bis | Kitty | 0.66.6.3 | cpe:/a:9bis:kitty:0.66.6.3
Simon Tatham | Putty | 0.66 | cpe:/a:simon_tatham:putty:0.66

CWE

ID | Name | Description
CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

History of changes

Date | Event
2016-04-07 23:59 | New CVE