QwikSec

Security Database

CVE

CWE

Training

CVE-2005-0467

Published: Feb 21, 2005

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple integer overflows in the (1) sftp_pkt_getstring and (2) fxp_readdir_recv functions in the PSFTP and PSCP clients for PuTTY 0.56, and possibly earlier versions, allow remote malicious web sites to execute arbitrary code via SFTP responses that corrupt the heap after insufficient memory has been allocated.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www-1.ibm.com/support/docview.wss?uid=ssg1S1002414

x_refsource_CONFIRM

putty-sftppktgetstring-bo(19403)

vdb-entry

x_refsource_XF

20050221 Multiple PuTTY SFTP Client Packet Parsing Integer Overflow Vulnerabilities

third-party-advisory

x_refsource_IDEFENSE

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_GENTOO

http://www-1.ibm.com/support/docview.wss?uid=ssg1S1002416

x_refsource_CONFIRM

http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-sftp-readdir.html

x_refsource_CONFIRM

http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-sftp-string.html

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.