VYPR
Unrated severityOSV Advisory· Published Jan 10, 2019· Updated Aug 5, 2024

CVE-2018-20684

CVE-2018-20684

Description

In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Winscp/WinscpOSV2 versions
    5.10, 5.10.1, 5.10.2, …+ 1 more
    • (no CPE)range: 5.10, 5.10.1, 5.10.2, …
    • (no CPE)range: <5.14 beta

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.