#VU32320 Stack-based buffer overflow in PuTTY - CVE-2016-2563
Published: April 8, 2016 / Updated: July 29, 2020
Vulnerability identifier: #VU32320
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2016-2563
CWE-ID: CWE-121
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
PuTTY
PuTTY
Software vendor:
Simon Tatham
Simon Tatham
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing a crafted SCP-SINK file-size response to an SCP download request. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Update to version 0.67.
External links
- http://lists.opensuse.org/opensuse-updates/2016-05/msg00131.html
- http://seclists.org/fulldisclosure/2016/Mar/22
- http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-pscp-sink-sscanf.html
- http://www.securityfocus.com/bid/84296
- http://www.securitytracker.com/id/1035257
- https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-2563
- https://security.gentoo.org/glsa/201606-01