CVE-2004-1008

CVSS 10.0 - HIGH

Description

Integer signedness error in the ssh2_rdpkt function in PuTTY before 0.56 allows remote attackers to execute arbitrary code via a SSH2_MSG_DEBUG packet with a modified stringlen parameter, which leads to a buffer overflow.

Affected Products

10

Vendor	Product	Version
putty	putty	`0.48`
putty	putty	`0.49`
putty	putty	`0.50`
putty	putty	`0.51`
putty	putty	`0.52`
putty	putty	`0.53`
putty	putty	`0.53b`
putty	putty	`0.54`
putty	putty	`0.55`
tortoisecvs	tortoisecvs	`1.8`

References

http://marc.info/?l=bugtraq&m=109889312917613&w=2

http://secunia.com/advisories/12987/

http://secunia.com/advisories/13012/

http://secunia.com/advisories/17214

http://www-1.ibm.com/support/docview.wss?uid=ssg1S...

http://www-1.ibm.com/support/docview.wss?uid=ssg1S...

http://www.chiark.greenend.org.uk/~sgtatham/putty/

http://www.gentoo.org/security/en/glsa/glsa-200410...

http://www.idefense.com/application/poi/display?id...

http://www.securityfocus.com/bid/11549

https://exchange.xforce.ibmcloud.com/vulnerabiliti...

http://marc.info/?l=bugtraq&m=109889312917613&w=2

http://secunia.com/advisories/12987/

http://secunia.com/advisories/13012/

http://secunia.com/advisories/17214

http://www-1.ibm.com/support/docview.wss?uid=ssg1S...

http://www-1.ibm.com/support/docview.wss?uid=ssg1S...

http://www.chiark.greenend.org.uk/~sgtatham/putty/

http://www.gentoo.org/security/en/glsa/glsa-200410...

http://www.idefense.com/application/poi/display?id...

Weakness Types

NVD-CWE-Other

CVE Information

CVE ID:: CVE-2004-1008
Published:: 2005-01-10
Modified:: 2026-04-16
CVSS Score:: 10.0
Severity:: HIGH
Vector:: AV:N/AC:L/Au:N/C:C/I:C/A:C

Affected Vendors

tortoisecvs putty

Quick Actions

View on NVD Find Similar CVEs

CVSS Severity Scale

0.0 - 3.9 LOW

4.0 - 6.9 MEDIUM

7.0 - 8.9 HIGH

9.0 - 10.0 CRITICAL