Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute arbitrary code via a crafted SCP-SINK file-size response to an SCP download request.

Published : 2016-04-07 23:59 Updated : 2016-12-03 03:25

CVSS Score More info
Score 7.5 / 10
Vendor Product Version URI
9bis Kitty cpe:/a:9bis:kitty:
Simon Tatham Putty 0.66 cpe:/a:simon_tatham:putty:0.66
  1. 9bis (1) Search CVE
    1. Kitty (1) Search CVE
  2. Simon Tatham (1) Search CVE
    1. Putty (1) Search CVE
      1. 0.66


ID Name Description Links
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. CVE

History of changes

Date Event
2016-04-07 23:59