vulnerability
FreeBSD: VID-7f0fbb30-e462-11e5-a3f3-080027ef73ec (CVE-2016-2563): PuTTY - old-style scp downloads may allow remote code execution
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Mar 7, 2016 | Dec 10, 2025 | Dec 10, 2025 |
Severity
7
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Mar 7, 2016
Added
Dec 10, 2025
Modified
Dec 10, 2025
Description
Simon G. Tatham reports: Many versions of PSCP prior to 0.67 have a stack corruption vulnerability in their treatment of the 'sink' direction (i.e. downloading from server to client) of the old-style SCP protocol. In order for this vulnerability to be exploited, the user must connect to a malicious server and attempt to download any file.[...] you can work around it in a vulnerable PSCP by using the -sftp option to force the use of the newer SFTP protocol, provided your server supports that protocol.
Solution
freebsd-upgrade-package-putty
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.