Lucene search

[email protected]NVD:CVE-2013-4852

HistoryAug 19, 2013 - 11:55 p.m.

CVE-2013-4852

2013-08-1923:55:09

CWE-189

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

High

0.027 Low

EPSS

Percentile

90.6%

JSON

Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.

Affected configurations

NVD

Node

winscpwinscpRange≤5.1.5

winscpwinscpMatch3.7.6

winscpwinscpMatch3.8.2

winscpwinscpMatch3.8_beta

winscpwinscpMatch4.0.4

winscpwinscpMatch4.0.5

winscpwinscpMatch4.2.6

winscpwinscpMatch4.2.7

winscpwinscpMatch4.2.8

winscpwinscpMatch4.2.9

winscpwinscpMatch4.3.2

winscpwinscpMatch4.3.4

winscpwinscpMatch4.3.5

winscpwinscpMatch4.3.6

winscpwinscpMatch4.3.7

winscpwinscpMatch4.3.8

winscpwinscpMatch4.3.9

winscpwinscpMatch4.4.0

winscpwinscpMatch5.0beta

winscpwinscpMatch5.0.1beta

winscpwinscpMatch5.0.2beta

winscpwinscpMatch5.0.3beta

winscpwinscpMatch5.0.4beta

winscpwinscpMatch5.0.5beta

winscpwinscpMatch5.0.6beta

winscpwinscpMatch5.0.7beta

winscpwinscpMatch5.0.8rc

winscpwinscpMatch5.0.9rc

winscpwinscpMatch5.1

winscpwinscpMatch5.1.1

winscpwinscpMatch5.1.2

winscpwinscpMatch5.1.3

winscpwinscpMatch5.1.4

Node

debiandebian_linuxMatch6.0

debiandebian_linuxMatch7.0

debiandebian_linuxMatch7.1

opensuseopensuseMatch12.3

Node

puttyputtyMatch0.45

puttyputtyMatch0.46

puttyputtyMatch0.47

puttyputtyMatch0.48

puttyputtyMatch0.49

puttyputtyMatch0.50

puttyputtyMatch0.51

puttyputtyMatch0.52

puttyputtyMatch0.53b

puttyputtyMatch0.54

puttyputtyMatch0.55

puttyputtyMatch0.56

puttyputtyMatch0.57

puttyputtyMatch0.58

puttyputtyMatch0.59

puttyputtyMatch0.60

puttyputtyMatch0.61

puttyputtyMatch2010-06-01r8967development_snapshot

simon_tathamputtyRange≤0.62

simon_tathamputtyMatch0.53

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=718779

lists.opensuse.org/opensuse-updates/2013-08/msg00035.html

lists.opensuse.org/opensuse-updates/2013-08/msg00041.html

secunia.com/advisories/54379

secunia.com/advisories/54517

secunia.com/advisories/54533

svn.tartarus.org/sgt?view=revision&sortby=date&revision=9896

winscp.net/tracker/show_bug.cgi?id=1017

www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-signature-stringlen.html

www.debian.org/security/2013/dsa-2736

www.search-lab.hu/advisories/secadv-20130722

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

High

0.027 Low

EPSS

Percentile

90.6%

JSON

Related for NVD:CVE-2013-4852

securityvulns3 nessus13 prion1 cvelist1 kaspersky3 seebug1 debiancve1 ubuntucve1 openvas15 cve1 gentoo2 mageia1 fedora4 freebsd1 debian2 osv1