CVE-2017-6542

The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overflow.

Published : 2017-03-27 17:59 Updated : 2018-10-30 16:27

7.5
CVSS Score More info
Score 7.5 / 10
7.5
Vendor Product Version URI
Opensuse Project Leap 42.1 cpe:/o:opensuse_project:leap:42.1
Putty Putty 0.67 cpe:/a:putty:putty:0.67
Opensuse Leap 42.2 cpe:/o:opensuse:leap:42.2
  1. Opensuse (1) Search CVE
    1. Leap (1) Search CVE
      1. 42.2
  2. Putty (1) Search CVE
    1. Putty (1) Search CVE
      1. 0.67
  3. Opensuse Project (1) Search CVE
    1. Leap (1) Search CVE
      1. 42.1

CWE

ID Name Description Links
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. CVE

History of changes

Date Event
2018-10-30 16:27
2017-08-13 05:28
2017-07-12 05:32
2017-07-01 05:39
2017-03-27 17:59

New CVE