Multiple heap-based buffer overflows in the modpow function in PuTTY before 0.55 allow (1) remote attackers to execute arbitrary code via an SSH2 packet with a base argument that is larger than the mod argument, which causes the modpow function to write memory before the beginning of its buffer, and (2) remote malicious servers to cause a denial of service (client crash) and possibly execute arbitrary code via a large bignum during authentication.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2005-02-13T05:00:00
Updated: 2024-08-08T00:53:23.781Z
Reserved: 2005-02-13T00:00:00
Link: CVE-2004-1440
Vulnrichment
No data.
NVD
Status : Modified
Published: 2004-12-31T05:00:00.000
Modified: 2017-07-11T01:31:02.043
Link: CVE-2004-1440
Redhat
No data.