Vulnerability Database

300,830

Total vulnerabilities in the database

CVE-2016-2563

Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute arbitrary code via a crafted SCP-SINK file-size response to an SCP download request.

Published: Apr 7, 2016
Updated: Nov 9, 2025
CVE: CVE-2016-2563
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
9bis / kitty	-	0.66.6.3.x
simon_tatham / putty	-	0.66.x

http://lists.opensuse.org/opensuse-updates/2016-05/msg00131.html
http://seclists.org/fulldisclosure/2016/Mar/22
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-pscp-sink-sscanf.html
http://www.securityfocus.com/bid/84296
http://www.securitytracker.com/id/1035257
https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-2563
https://security.gentoo.org/glsa/201606-01

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo