VYPR
Unrated severityNVD Advisory· Published Jan 10, 2005· Updated Jun 16, 2026

CVE-2004-1008

CVE-2004-1008

Description

Integer signedness error in the ssh2_rdpkt function in PuTTY before 0.56 allows remote attackers to execute arbitrary code via a SSH2_MSG_DEBUG packet with a modified stringlen parameter, which leads to a buffer overflow.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

11
  • Putty/Putty10 versions
    cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:*+ 9 more
    • cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:*
    • cpe:2.3:a:putty:putty:0.49:*:*:*:*:*:*:*
    • cpe:2.3:a:putty:putty:0.50:*:*:*:*:*:*:*
    • cpe:2.3:a:putty:putty:0.51:*:*:*:*:*:*:*
    • cpe:2.3:a:putty:putty:0.52:*:*:*:*:*:*:*
    • cpe:2.3:a:putty:putty:0.53:*:*:*:*:*:*:*
    • cpe:2.3:a:putty:putty:0.53b:*:*:*:*:*:*:*
    • cpe:2.3:a:putty:putty:0.54:*:*:*:*:*:*:*
    • cpe:2.3:a:putty:putty:0.55:*:*:*:*:*:*:*
    • (no CPE)range: <0.56
  • cpe:2.3:a:tortoisecvs:tortoisecvs:1.8:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.