ID CVE-2015-5309
Summary Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an ECH (erase characters) escape sequence with a large parameter value, which triggers a buffer underflow.
References
Vulnerable Configurations
  • cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:simon_tatham:putty:-:*:*:*:*:*:*:*
  • cpe:2.3:a:simon_tatham:putty:0.45:*:*:*:*:*:*:*
  • cpe:2.3:a:simon_tatham:putty:0.46:*:*:*:*:*:*:*
  • cpe:2.3:a:simon_tatham:putty:0.47:*:*:*:*:*:*:*
  • cpe:2.3:a:simon_tatham:putty:0.48:*:*:*:*:*:*:*
  • cpe:2.3:a:simon_tatham:putty:0.49:*:*:*:*:*:*:*
  • cpe:2.3:a:simon_tatham:putty:0.50:*:*:*:*:*:*:*
  • cpe:2.3:a:simon_tatham:putty:0.51:*:*:*:*:*:*:*
  • cpe:2.3:a:simon_tatham:putty:0.52:*:*:*:*:*:*:*
  • cpe:2.3:a:simon_tatham:putty:0.53:*:*:*:*:*:*:*
  • cpe:2.3:a:simon_tatham:putty:0.53:b:*:*:*:*:*:*
  • cpe:2.3:a:simon_tatham:putty:0.53b:*:*:*:*:*:*:*
  • cpe:2.3:a:simon_tatham:putty:0.54:*:*:*:*:*:*:*
  • cpe:2.3:a:simon_tatham:putty:0.55:*:*:*:*:*:*:*
  • cpe:2.3:a:simon_tatham:putty:0.56:*:*:*:*:*:*:*
  • cpe:2.3:a:simon_tatham:putty:0.57:*:*:*:*:*:*:*
  • cpe:2.3:a:simon_tatham:putty:0.58:*:*:*:*:*:*:*
  • cpe:2.3:a:simon_tatham:putty:0.59:*:*:*:*:*:*:*
  • cpe:2.3:a:simon_tatham:putty:0.60:*:*:*:*:*:*:*
  • cpe:2.3:a:simon_tatham:putty:0.61:*:*:*:*:*:*:*
  • cpe:2.3:a:simon_tatham:putty:0.62:*:*:*:*:*:*:*
  • cpe:2.3:a:simon_tatham:putty:0.63:*:*:*:*:*:*:*
  • cpe:2.3:a:simon_tatham:putty:0.65:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 30-10-2018 - 16:27)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  Vector: NETWORK
  Complexity: MEDIUM
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: NONE
  Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
refmap via4
confirm http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html
debian DSA-3409
fedora
  • FEDORA-2015-3d17682c15
  • FEDORA-2015-5ad4a1f151
gentoo GLSA-201606-01
sectrack 1034308
suse openSUSE-SU-2015:2023
Last major update 30-10-2018 - 16:27
Published 07-12-2015 - 20:59
Last modified 30-10-2018 - 16:27