Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.
CVE-2013-4852. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2013-4852
Weakness class: CWE-189. Vendor and product: WinSCP.