Unrated severity · NVD Advisory · Published Dec 7, 2015 · Updated May 6, 2026
CVE-2015-5309
Description
Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an ECH (erase characters) escape sequence with a large parameter value, which triggers a buffer underflow.
Affected products (4)
Patches (0)
No patches discovered yet.
References (7)
- www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html (nvd, Vendor Advisory)
- lists.fedoraproject.org/pipermail/package-announce/2015-December/173021.html (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2015-December/173094.html (nvd)
- lists.opensuse.org/opensuse-updates/2015-11/msg00099.html (nvd)
- www.debian.org/security/2015/dsa-3409 (nvd)
- www.securitytracker.com/id/1034308 (nvd)
- security.gentoo.org/glsa/201606-01 (nvd)