CVE-2013-4852

General

Score: 6.8/10.0
Severity: Medium
Category: Numeric Error

Impact Metrics

Confidentiality: Partial
Integrity: Partial
Availability: Partial

Exploitability Metrics

Access Vector: Network
Access Complexity: Medium
Authentication: None

Related vulnerabilities

CVE-2013-4206, CVE-2013-4207, CVE-2013-4208

Published on 20/08/13 - Updated on 02/09/15

Description

Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.

Category: Numeric Error

CWE-189 (Numeric Errors)
Weaknesses in this category are related to improper calculation or conversion of numbers.

Security Notices

US National Vulnerability Database CVE-2013-4852
Agence Nationale de la Sécurité des Systèmes d'Information CERTA-2013-AVI-467
Debian DSA-2736-1

Exploits

No exploits available for this CVE in our database.

Related technologies

Vendor: Product
debian: debian_linux
novell: opensuse
simon_tatham: putty
winscp: winscp
