fkie_nvd - fkie_cve-2013-4852

FKIE_CVE-2013-4852

Vulnerability from fkie_nvd - Published: 2013-08-19 23:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.

References

URL	Tags
cve@mitre.org	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718779
cve@mitre.org	http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html
cve@mitre.org	http://lists.opensuse.org/opensuse-updates/2013-08/msg00041.html
cve@mitre.org	http://secunia.com/advisories/54379	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/54517
cve@mitre.org	http://secunia.com/advisories/54533
cve@mitre.org	http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9896
cve@mitre.org	http://winscp.net/tracker/show_bug.cgi?id=1017
cve@mitre.org	http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-signature-stringlen.html	Vendor Advisory
cve@mitre.org	http://www.debian.org/security/2013/dsa-2736
cve@mitre.org	http://www.search-lab.hu/advisories/secadv-20130722
af854a3a-2127-422b-91ae-364da2661108	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718779
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2013-08/msg00041.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/54379	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/54517
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/54533
af854a3a-2127-422b-91ae-364da2661108	http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9896
af854a3a-2127-422b-91ae-364da2661108	http://winscp.net/tracker/show_bug.cgi?id=1017
af854a3a-2127-422b-91ae-364da2661108	http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-signature-stringlen.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2013/dsa-2736
af854a3a-2127-422b-91ae-364da2661108	http://www.search-lab.hu/advisories/secadv-20130722

Impacted products

Vendor	Product	Version
winscp	winscp	*
winscp	winscp	3.7.6
winscp	winscp	3.8.2
winscp	winscp	3.8_beta
winscp	winscp	4.0.4
winscp	winscp	4.0.5
winscp	winscp	4.2.6
winscp	winscp	4.2.7
winscp	winscp	4.2.8
winscp	winscp	4.2.9
winscp	winscp	4.3.2
winscp	winscp	4.3.4
winscp	winscp	4.3.5
winscp	winscp	4.3.6
winscp	winscp	4.3.7
winscp	winscp	4.3.8
winscp	winscp	4.3.9
winscp	winscp	4.4.0
winscp	winscp	5.0
winscp	winscp	5.0.1
winscp	winscp	5.0.2
winscp	winscp	5.0.3
winscp	winscp	5.0.4
winscp	winscp	5.0.5
winscp	winscp	5.0.6
winscp	winscp	5.0.7
winscp	winscp	5.0.8
winscp	winscp	5.0.9
winscp	winscp	5.1
winscp	winscp	5.1.1
winscp	winscp	5.1.2
winscp	winscp	5.1.3
winscp	winscp	5.1.4
debian	debian_linux	6.0
debian	debian_linux	7.0
debian	debian_linux	7.1
opensuse	opensuse	12.3
putty	putty	0.45
putty	putty	0.46
putty	putty	0.47
putty	putty	0.48
putty	putty	0.49
putty	putty	0.50
putty	putty	0.51
putty	putty	0.52
putty	putty	0.53b
putty	putty	0.54
putty	putty	0.55
putty	putty	0.56
putty	putty	0.57
putty	putty	0.58
putty	putty	0.59
putty	putty	0.60
putty	putty	0.61
putty	putty	2010-06-01
simon_tatham	putty	*
simon_tatham	putty	0.53

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "622C1C29-794B-4000-90B0-E2BB65ED0AB2",
              "versionEndIncluding": "5.1.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:3.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E3DFFBF-4E07-4449-A7A0-873DF6A98E21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:3.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "89254511-B715-4515-AA6F-86133A2182CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:3.8_beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EA30CE9-054B-4C5E-BE4E-8F404E3BBD49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D838748A-09CC-4940-829F-910B013A9962",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6DD6743-97F5-43AB-8D84-FB3561BDE964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:4.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "12FA1BCF-7E92-4C97-9B44-579A28FD1AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:4.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3569C249-6505-469C-B44D-9CD44497E153",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:4.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C15244-1AD8-4D82-BAC4-FD77A83FBFE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:4.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5E49405-3C31-488C-8D28-2A417083D07B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:4.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B148D20-65E9-4C6B-985E-69BC737FC36F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:4.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "81237965-5289-4784-BCE9-44891036E49A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:4.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "48CCC513-6594-4AD4-BB11-47456767F741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:4.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "53DAE27A-C884-4619-B9D2-4BB356DD0743",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:4.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AB16665-C7CD-4672-A8DF-CED0267C6909",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:4.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4E4F93A-F40E-4367-ACDA-97190281BED5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:4.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "058A5223-B23D-483E-89FC-64BAE4E98FE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:4.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E35FFF50-7989-4749-BE7D-51068B249D4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:5.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "1993D161-712E-47AE-8402-538273CC21EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:5.0.1:beta:*:*:*:*:*:*",
              "matchCriteriaId": "E42F707C-A70C-4EF5-B898-F693B6C586BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:5.0.2:beta:*:*:*:*:*:*",
              "matchCriteriaId": "5C8DB53F-739D-4B28-9D16-D6CF4478CAE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:5.0.3:beta:*:*:*:*:*:*",
              "matchCriteriaId": "C6521E48-0607-4F51-81F4-569DC950F01E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:5.0.4:beta:*:*:*:*:*:*",
              "matchCriteriaId": "D8204C5B-23CF-4111-BF98-EB73442CD47B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:5.0.5:beta:*:*:*:*:*:*",
              "matchCriteriaId": "4100FDCF-087A-44AA-ABA2-C0632FE452F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:5.0.6:beta:*:*:*:*:*:*",
              "matchCriteriaId": "F2496D95-22A2-4EA9-A090-45E630D57526",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:5.0.7:beta:*:*:*:*:*:*",
              "matchCriteriaId": "3C6B9617-B687-4885-8100-2ECBEE1E157A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:5.0.8:rc:*:*:*:*:*:*",
              "matchCriteriaId": "6D462DB0-E03E-4642-908F-16628FFA68FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:5.0.9:rc:*:*:*:*:*:*",
              "matchCriteriaId": "BB0CE816-3C7B-43CA-A0AB-A011D5B093D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF1E6934-4CE0-4DFC-BA3E-67395C04B0BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7230D1-2155-456D-B43A-AA66B24912B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A56FBACE-0A1F-4AC3-B306-F8B0E9869BAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE7557D-6BE4-49EA-97C2-011DF8CB6C74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C392415-3564-44E3-82EA-CB3C8DB0BC27",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B21E9A8-CE63-42C2-A11A-94D977A96DF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:putty:putty:0.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D5EB349-B1DF-4CF5-9468-37DC66A929C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:putty:putty:0.46:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF223411-6FA4-43EC-8668-7DB4A98E4DEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:putty:putty:0.47:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0E87C56-DFD9-45D9-9169-3BB94F647F15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:*",
              "matchCriteriaId": "1283B462-042C-4857-A700-4179AAE20E2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:putty:putty:0.49:*:*:*:*:*:*:*",
              "matchCriteriaId": "2791C9DD-F55D-4683-85AF-B6814C34EFBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:putty:putty:0.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D7582C1-AA8E-41E4-9D69-9A18A5B76CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:putty:putty:0.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC082AE0-C49D-4944-BE76-B751DAD1EF84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:putty:putty:0.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "23BAD8E4-2D3A-45EE-A25D-77BD698119BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:putty:putty:0.53b:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F7716EC-E0F9-4E50-8351-35D2F248B380",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:putty:putty:0.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C2BD4D-9817-459E-ACF4-9C95233200A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:putty:putty:0.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "22EE5957-76F3-4B20-ADE7-E72D1300A3F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:putty:putty:0.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "826FA7E4-7F48-4D1C-856C-A965527B0950",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:putty:putty:0.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA54ADC7-2A36-40DA-8219-DAA31509E534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:putty:putty:0.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A14381E-91A1-4902-B409-1281CFA2D561",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:putty:putty:0.59:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B33EB10-535F-42F2-8F78-CE128A89447C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:putty:putty:0.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "218F9EAF-C260-43EC-99C4-EFACA9A1DA8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:putty:putty:0.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "5966235B-2F1A-45C5-AF65-99FFFE4725DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:putty:putty:2010-06-01:r8967:*:*:development_snapshot:*:*:*",
              "matchCriteriaId": "820B9CC0-2A18-4357-B01F-565A0E35E275",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:simon_tatham:putty:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A8E4288-5CEA-42F3-BF6A-FE7D78C907C0",
              "versionEndIncluding": "0.62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:simon_tatham:putty:0.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "129133D1-B374-4743-9F52-27D0A9558D17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de entero en PuTTY 0.62 y anteriores, WinSCP anterior a  5.1.6, y otros productos que usan PuTTY, permite a servidores SSH remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario en determinadas aplicaciones que utilizan PuTTY a trav\u00e9s de un tama\u00f1o negativo en el valor de la firma en la clave RSA durante el handshake SSH, que provoca un desbordamiento basado en memoria din\u00e1mica."
    }
  ],
  "id": "CVE-2013-4852",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-08-19T23:55:09.077",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718779"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00041.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/54379"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/54517"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/54533"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://svn.tartarus.org/sgt?view=revision\u0026sortby=date\u0026revision=9896"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://winscp.net/tracker/show_bug.cgi?id=1017"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-signature-stringlen.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2013/dsa-2736"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.search-lab.hu/advisories/secadv-20130722"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718779"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00041.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/54379"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/54517"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/54533"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.tartarus.org/sgt?view=revision\u0026sortby=date\u0026revision=9896"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://winscp.net/tracker/show_bug.cgi?id=1017"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-signature-stringlen.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2013/dsa-2736"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.search-lab.hu/advisories/secadv-20130722"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2013-4852 (GCVE-0-2013-4852)

Vulnerability from cvelistv5 – Published: 2013-08-19 23:00 – Updated: 2024-08-06 16:59

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://secunia.com/advisories/54533	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/54517	third-party-advisoryx_refsource_SECUNIA
	http://winscp.net/tracker/show_bug.cgi?id=1017	x_refsource_MISC
	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718779	x_refsource_CONFIRM
	http://www.search-lab.hu/advisories/secadv-20130722	x_refsource_MISC
	http://www.debian.org/security/2013/dsa-2736	vendor-advisoryx_refsource_DEBIAN
	http://svn.tartarus.org/sgt?view=revision&sortby=…	x_refsource_MISC
	http://lists.opensuse.org/opensuse-updates/2013-0…	vendor-advisoryx_refsource_SUSE
	http://secunia.com/advisories/54379	third-party-advisoryx_refsource_SECUNIA
	http://www.chiark.greenend.org.uk/~sgtatham/putty…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2013-0…	vendor-advisoryx_refsource_SUSE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:59:40.996Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "54533",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/54533"
          },
          {
            "name": "54517",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/54517"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://winscp.net/tracker/show_bug.cgi?id=1017"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718779"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.search-lab.hu/advisories/secadv-20130722"
          },
          {
            "name": "DSA-2736",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2736"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://svn.tartarus.org/sgt?view=revision\u0026sortby=date\u0026revision=9896"
          },
          {
            "name": "openSUSE-SU-2013:1347",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html"
          },
          {
            "name": "54379",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/54379"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-signature-stringlen.html"
          },
          {
            "name": "openSUSE-SU-2013:1355",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00041.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-08-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-08-30T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "54533",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/54533"
        },
        {
          "name": "54517",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/54517"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://winscp.net/tracker/show_bug.cgi?id=1017"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718779"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.search-lab.hu/advisories/secadv-20130722"
        },
        {
          "name": "DSA-2736",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2736"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://svn.tartarus.org/sgt?view=revision\u0026sortby=date\u0026revision=9896"
        },
        {
          "name": "openSUSE-SU-2013:1347",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html"
        },
        {
          "name": "54379",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/54379"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-signature-stringlen.html"
        },
        {
          "name": "openSUSE-SU-2013:1355",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00041.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-4852",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "54533",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/54533"
            },
            {
              "name": "54517",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/54517"
            },
            {
              "name": "http://winscp.net/tracker/show_bug.cgi?id=1017",
              "refsource": "MISC",
              "url": "http://winscp.net/tracker/show_bug.cgi?id=1017"
            },
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718779",
              "refsource": "CONFIRM",
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718779"
            },
            {
              "name": "http://www.search-lab.hu/advisories/secadv-20130722",
              "refsource": "MISC",
              "url": "http://www.search-lab.hu/advisories/secadv-20130722"
            },
            {
              "name": "DSA-2736",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2013/dsa-2736"
            },
            {
              "name": "http://svn.tartarus.org/sgt?view=revision\u0026sortby=date\u0026revision=9896",
              "refsource": "MISC",
              "url": "http://svn.tartarus.org/sgt?view=revision\u0026sortby=date\u0026revision=9896"
            },
            {
              "name": "openSUSE-SU-2013:1347",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html"
            },
            {
              "name": "54379",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/54379"
            },
            {
              "name": "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-signature-stringlen.html",
              "refsource": "CONFIRM",
              "url": "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-signature-stringlen.html"
            },
            {
              "name": "openSUSE-SU-2013:1355",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00041.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-4852",
    "datePublished": "2013-08-19T23:00:00",
    "dateReserved": "2013-07-16T00:00:00",
    "dateUpdated": "2024-08-06T16:59:40.996Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2013-4852

CVE-2013-4852 (GCVE-0-2013-4852)

Tags

Sightings

Nomenclature