CVE-2017-6542
Severity CVSS v4.0:
Pending analysis
Type:
CWE-119
Buffer Errors
Publication date:
27/03/2017
Last modified:
20/04/2025
Description
The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overflow.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:putty:putty:*:*:*:*:*:*:*:* | 0.67 (including) | |
| cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:opensuse_project:leap:42.1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://lists.opensuse.org/opensuse-updates/2017-03/msg00055.html
- http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html
- http://www.securityfocus.com/bid/97156
- http://www.securitytracker.com/id/1038067
- https://git.tartarus.org/?p=simon/putty.git%3Ba%3Dcommitdiff%3Bh%3D4ff22863d895cb7ebfced4cf923a012a614adaa8
- https://security.gentoo.org/glsa/201703-03
- https://security.gentoo.org/glsa/201706-09
- https://www.exploit-db.com/exploits/42137/
- http://lists.opensuse.org/opensuse-updates/2017-03/msg00055.html
- http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html
- http://www.securityfocus.com/bid/97156
- http://www.securitytracker.com/id/1038067
- https://git.tartarus.org/?p=simon/putty.git%3Ba%3Dcommitdiff%3Bh%3D4ff22863d895cb7ebfced4cf923a012a614adaa8
- https://security.gentoo.org/glsa/201703-03
- https://security.gentoo.org/glsa/201706-09
- https://www.exploit-db.com/exploits/42137/