QwikSec

Security Database

CVE

CWE

Training

CVE-2016-2563

Published: Apr 7, 2016

Modified: Aug 5, 2024

PUBLISHED

Description

Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute arbitrary code via a crafted SCP-SINK file-size response to an SCP download request.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

openSUSE-SU-2016:1453

vendor-advisory

x_refsource_SUSE

vdb-entry

x_refsource_SECTRACK

vendor-advisory

x_refsource_GENTOO

vdb-entry

x_refsource_BID

http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-pscp-sink-sscanf.html

x_refsource_CONFIRM

https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-2563

x_refsource_MISC

20160309 CVE-2016-2563 - PuTTY/PSCP <=0.66 buffer overflow - vuln-pscp-sink-sscanf

mailing-list

x_refsource_FULLDISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.