Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple heap-based buffer overflows in the modpow function in PuTTY before 0.55 allow (1) remote attackers to execute arbitrary code via an SSH2 packet with a base argument that is larger than the mod argument, which causes the modpow function to write memory before the beginning of its buffer, and (2) remote malicious servers to cause a denial of service (client crash) and possibly execute arbitrary code via a large bignum during authentication.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PuTTY/PSCP远程任意指令执行漏洞
Vulnerability Description
PuTTY是软件开发者Simon Tatham所研发的一套免费的Telnet、Rlogin和SSH客户端软件。该软件主要用于对Linux系统进行远程管理。 PuTTY 0.55之前版本在处理畸形包数据时存在问题,远程攻击者可以利用这个漏洞构建恶意服务器,诱使putty访问,可以用户进程权限在系统上执行任意指令。Core Security小组发现putty存在一个严重问题。允许SSH2服务器在主机KEY验证之前攻击putty客户端。攻击者可以构建恶意SSH服务器,让putty用户连接时触发此漏洞。
CVSS Information
N/A
Vulnerability Type
N/A