Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PuTTY/WinSCP ‘getstring()’函数多个远程整数溢出漏洞
Vulnerability Description
PuTTY是软件开发者Simon Tatham所研发的一套免费的Telnet、Rlogin和SSH客户端软件。WinSCP是捷克布拉格经济大学所开发与维护的一套使用SSH的开源图形化SFTP和FTP客户端。 PuTTY 0.62及之前版本,WinSCP 5.1.6之前的版本,以及其它产品中存在整数溢出漏洞。通过在SSH握手期间向RSA密钥签名中加入一个负值,触发基于堆的缓冲区溢出,远程SSH服务器端的攻击者可利用该漏洞造成拒绝服务(崩溃),并有可能在运行PuTTY的程序上执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A