Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2013-4852

Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.

Related bugs and status

CVE-2013-4852 (Candidate) is related to these bugs:

Bug #1209196: Update to Filezilla 3.7.3

Summary				In	Importance	Status
	1209196	Update to Filezilla 3.7.3		filezilla (Ubuntu)	Low	Fix Released

Bug #1224337: Sync filezilla 3.7.3-1 (universe) from Debian unstable (main)

Summary				In	Importance	Status
	1224337	Sync filezilla 3.7.3-1 (universe) from Debian unstable (main)		filezilla (Ubuntu)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

References

MISC: http://winscp.net/trac...
MISC: http://www.search-lab....
CONFIRM: http://bugs.debian.org...
CONFIRM: http://www.chiark.gree...
DEBIAN: DSA-2736
SUSE: openSUSE-SU-2013:1355
SECUNIA: 54379
SUSE: openSUSE-SU-2013:1347
SECUNIA: 54533
SECUNIA: 54517
MISC: http://svn.tartarus.or...