Buffer Overflow Vulnerability in PuTTY SSH Client
CVE-2004-1008

Currently unrated

Key Information:

Vendor

Putty

Status
Putty
Tortoisecvs
Vendor
CVE Published:
10 January 2005

What is CVE-2004-1008?

An integer signedness error in the ssh2_rdpkt function of PuTTY before version 0.56 can be exploited by remote attackers. By sending a specially crafted SSH2_MSG_DEBUG packet with a manipulated string length parameter, an attacker may execute arbitrary code on the target system, potentially compromising its security. It is crucial for users to update to the latest version of PuTTY to mitigate this vulnerability.

References

http://www-1.ibm.com/support/docview.wss?uid=ssg1S1002414
x_refsource_CONFIRM
http://secunia.com/advisories/13012/
third-party-advisoryx_refsource_SECUNIA
http://www.idefense.com/application/poi/display?id=155&ty...
third-party-advisoryx_refsource_IDEFENSE

EPSS Score

21% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2004-1008 : Buffer Overflow Vulnerability in PuTTY SSH Client