Integer Overflow Vulnerabilities in PSFTP and PSCP Clients from PuTTY
CVE-2005-0467

Currently unrated

Key Information:

Vendor: Putty
Status: Putty
Vendor: CVE Published:; 21 February 2005

What is CVE-2005-0467?

Multiple integer overflow vulnerabilities have been identified in the PSFTP and PSCP clients of PuTTY. These vulnerabilities arise in the functions responsible for parsing SFTP packets, namely sftp_pkt_getstring and fxp_readdir_recv. Under certain conditions, a malicious remote website could exploit these vulnerabilities by sending specially crafted SFTP responses, leading to heap corruption due to insufficient memory allocation. This situation could potentially allow for arbitrary code execution on the affected systems, undermining their security and integrity.

References

http://www-1.ibm.com/support/docview.wss?uid=ssg1S1002414

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/19403

vdb-entryx_refsource_XF

http://www.idefense.com/application/poi/display?id=201&ty...

third-party-advisoryx_refsource_IDEFENSE

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 21, 2005
Vulnerability Reserved
Feb 18, 2005

Putty

What is CVE-2005-0467?

References

Timeline