Unrated severityNVD Advisory· Published Feb 21, 2005· Updated Apr 16, 2026

CVE-2005-0467

Description

Multiple integer overflows in the (1) sftp_pkt_getstring and (2) fxp_readdir_recv functions in the PSFTP and PSCP clients for PuTTY 0.56, and possibly earlier versions, allow remote malicious web sites to execute arbitrary code via SFTP responses that corrupt the heap after insufficient memory has been allocated.

Affected products

Putty/Putty
cpe:2.3:a:putty:putty:*:*:*:*:*:*:*:*
Range: <=0.56

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/14333nvdPatchVendor Advisory
www.gentoo.org/security/en/glsa/glsa-200502-28.xmlnvdPatchVendor Advisory
www.idefense.com/application/poi/displaynvdPatchVendor Advisory
www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-sftp-readdir.htmlnvdVendor Advisory
www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-sftp-string.htmlnvdVendor Advisory
secunia.com/advisories/17214nvd
www-1.ibm.com/support/docview.wssnvd
www-1.ibm.com/support/docview.wssnvd
exchange.xforce.ibmcloud.com/vulnerabilities/19403nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000