CVE-2013-4852
WinSCP < 5.1.6 - Denial of Service via RSA Key Signature Integer Overflow
Title source: llmDescription
Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.
References (11)
Core 11
Core References
Issue Tracking x_refsource_confirm
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718779
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/54533
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/54517
Various Sources x_refsource_misc
http://winscp.net/tracker/show_bug.cgi?id=1017
Various Sources x_refsource_misc
http://www.search-lab.hu/advisories/secadv-20130722
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2013/dsa-2736
Various Sources x_refsource_misc
http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9896
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/54379
Vendor Advisory x_refsource_confirm
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-signature-stringlen.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-08/msg00041.html
Scores
EPSS
0.0345
EPSS Percentile
87.7%
Details
CWE
CWE-189
Status
published
Products (50)
debian/debian_linux
6.0
debian/debian_linux
7.0
debian/debian_linux
7.1
opensuse/opensuse
12.3
putty/putty
0.45
putty/putty
0.46
putty/putty
0.47
putty/putty
0.48
putty/putty
0.49
putty/putty
0.50
... and 40 more
Published
Aug 19, 2013
Tracked Since
Feb 18, 2026