Total vulnerabilities in the database
Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite.
| Software | From | Fixed in |
|---|---|---|
| cisco / ios | 12.0s | 12.0s.x |
| cisco / ios | 12.0st | 12.0st.x |
| cisco / ios | 12.1e | 12.1e.x |
| cisco / ios | 12.1ea | 12.1ea.x |
| cisco / ios | 12.1t | 12.1t.x |
| cisco / ios | 12.2 | 12.2.x |
| cisco / ios | 12.2s | 12.2s.x |
| cisco / ios | 12.2t | 12.2t.x |
| fissh / ssh_client | 1.0a_for_windows | 1.0a_for_windows.x |
| intersoft / securenetterm | 5.4.1 | 5.4.1.x |
| netcomposite / shellguard_ssh | 3.4.6 | 3.4.6.x |
| pragma_systems / secureshell | 2.0 | 2.0.x |
| putty / putty | 0.48 | 0.48.x |
| putty / putty | 0.49 | 0.49.x |
| putty / putty | 0.53 | 0.53.x |
| winscp / winscp | 2.0.0 | 2.0.0.x |