CVE-2017-6542

CVE Database · CVE-2017-6542

CVE-2017-6542

· N/AModified

CVSS v3.1

N/A

EPSS

21.82%

Published

Mar 27, 2017

Modified

May 12, 2026

Public PoC / Exploit (2)

All weaponized →

Exploit-DBPuTTY < 0.68 - 'ssh_agent_channel_data' Integer Overflow Heap Corruption TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overflow.

Weaknesses (CWE)

CWE-119

Affected Products (3)

putty · puttyvulnerable

opensuse · leapvulnerable

opensuse_project · leapvulnerable

References (16)

http://lists.opensuse.org/opensuse-updates/2017-03/msg00055.html

Third Party Advisory

http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html

PatchVendor Advisory

http://www.securityfocus.com/bid/97156