CVE-2016-2563

CVE Database · CVE-2016-2563

CVE-2016-2563

· N/AModified

CVSS v3.1

N/A

EPSS

34.22%

Published

Apr 7, 2016

Modified

May 6, 2026

Public PoC / Exploit (2)

All weaponized →

Exploit-DBPutty pscp 0.66 - Stack Buffer Overwrite TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute arbitrary code via a crafted SCP-SINK file-size response to an SCP download request.

Weaknesses (CWE)

CWE-119

Affected Products (2)

9bis · kittyvulnerable

simon_tatham · puttyvulnerable

References (14)

http://lists.opensuse.org/opensuse-updates/2016-05/msg00131.html

http://seclists.org/fulldisclosure/2016/Mar/22

http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-pscp-sink-sscanf.html

Patch

http://www.securityfocus.com/bid/84296

http://www.securitytracker.com/id/1035257