Integer signedness error in the ssh2_rdpkt function in PuTTY before 0.56 allows remote attackers to execute arbitrary code via a SSH2_MSG_DEBUG packet with a modified stringlen parameter, which leads to a buffer overflow.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| putty | putty | 0.51 |
| tortoisecvs | tortoisecvs | 1.8 |
| putty | putty | 0.48 |
| putty | putty | 0.54 |
| putty | putty | 0.49 |
| putty | putty | 0.53 |
| putty | putty | 0.55 |
| putty | putty | 0.53b |
| putty | putty | 0.52 |
| putty | putty | 0.50 |