Simon Tatham: >> Putty >> 0.65 Security Vulnerabilities
Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute arbitrary code via a crafted SCP-SINK file-size response to an SCP download request.
CVSS Score
9.8
EPSS Score
0.347
Published
2016-04-07
Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an ECH (erase characters) escape sequence with a large parameter value, which triggers a buffer underflow.
CVSS Score
4.3
EPSS Score
0.021
Published
2015-12-07