CVE-2020-12651
CRITICALSecureCRT < 8.7.2 - Remote Code Execution via Integer Overflow in Banner Processing
Title source: llmDescription
SecureCRT before 8.7.2 allows remote attackers to execute arbitrary code via an Integer Overflow and a Buffer Overflow because a banner can trigger a line number to CSI functions that exceeds INT_MAX.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_misc
https://www.vandyke.com/support/advisory/index.html
Third Party Advisory x_refsource_misc
https://twitter.com/taviso/status/1261079774190919680
Exploit, Third Party Advisory x_refsource_misc
https://bugs.chromium.org/p/project-zero/issues/detail?id=2033
Release Notes, Vendor Advisory x_refsource_confirm
https://www.vandyke.com/products/securecrt/history.txt
Scores
CVSS v3
9.8
EPSS
0.0660
EPSS Percentile
93.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-190
Status
published
Products (1)
vandyke/securecrt
< 8.7.2
Published
May 15, 2020
Tracked Since
Feb 18, 2026