Unrated severityOSV Advisory· Published Jan 10, 2019· Updated Aug 5, 2024
CVE-2018-20684
CVE-2018-20684
Description
In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
6- www.securityfocus.com/bid/106526mitrevdb-entryx_refsource_BID
- github.com/winscp/winscp/commit/49d876f2c5fc00bcedaa986a7cf6dedd6bf16f54mitrex_refsource_MISC
- sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txtmitrex_refsource_MISC
- winscp.net/eng/docs/historymitrex_refsource_MISC
- winscp.net/tracker/1675mitrex_refsource_MISC
- www.oracle.com/security-alerts/cpujan2020.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.