WinSCP Long URI Handling Memory Corruption Vulnerability
BID:10160
Info
WinSCP Long URI Handling Memory Corruption Vulnerability
| Bugtraq ID: | 10160 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 16 2004 12:00AM |
| Updated: | Apr 16 2004 12:00AM |
| Credit: | Discovery is credited to Luca Ercoli <[email protected]>. |
| Vulnerable: |
Martin Prikryl WinSCP 3.5.6 |
| Not Vulnerable: |
Martin Prikryl WinSCP 3.6.5 beta Martin Prikryl WinSCP 3.6.1 Martin Prikryl WinSCP 3.6 |
Discussion
WinSCP Long URI Handling Memory Corruption Vulnerability
It has been reported that WinSCP may be prone to a denial of service condition resulting from memory corruption. This issue occurs when the application attempts to handle excessively long 'sftp:' or 'scp' addresses.
WinSCP 3.5.6 is reported to be vulnerable to this issue, however, it is possible that other versions are affected as well.
It has been reported that WinSCP may be prone to a denial of service condition resulting from memory corruption. This issue occurs when the application attempts to handle excessively long 'sftp:' or 'scp' addresses.
WinSCP 3.5.6 is reported to be vulnerable to this issue, however, it is possible that other versions are affected as well.
Exploit / POC
WinSCP Long URI Handling Memory Corruption Vulnerability
The following proof of concept has been supplied:
The following proof of concept has been supplied:
Solution / Fix
WinSCP Long URI Handling Memory Corruption Vulnerability
Solution:
The vendor has provided an upgrade that resolves this issue.
Martin Prikryl WinSCP 3.5.6
Solution:
The vendor has provided an upgrade that resolves this issue.
Martin Prikryl WinSCP 3.5.6
-
WinSCP WinSCP 3.6.1
http://winscp.sourceforge.net/eng/download.php
References
WinSCP Long URI Handling Memory Corruption Vulnerability
References:
References:
- WinSCP Denial of Service (SecuriTeam)
- WinSCP Version History (WinSCP)