Home
|
FAQ
|
Feedback
|
Licence
|
Updates
|
Mirrors
|
Keys
|
Links
|
Team
Download:
Stable
·
Pre-release
·
Snapshot
|
Docs
|
Privacy
|
Changes
|
Wishlist
Up to and including version 0.70, PuTTY's terminal emulator would fail an assertion if the terminal is exactly one column wide and the terminal output stream tries to print a width-2 character of the kind used by Chinese, Japanese and Korean.
Both of the conditions for this failure can be triggered by remote terminal output. (Remote-controlled resizing of the terminal window can be turned off in the Features config panel, but it's on by default.) So, if a malicious process is able to write escape sequences to your terminal, then they can terminate your entire PuTTY session uncleanly, making it impossible for you to even recover any important information from your terminal scrollback.
As of 0.71, this assertion failure is fixed. If you ask PuTTY to display a width-2 character in a width-1 terminal, it will substitute a width-1 U+FFFD REPLACEMENT CHARACTER instead of getting confused.
This vulnerability was found by Brian Carpenter, as part of a bug bounty programme run under the auspices of the EU-FOSSA project.
CVE ID CVE-2019-9897 has been assigned for the collection of terminal DoS attacks fixed in 0.71, including this, vuln-terminal-dos-combining-chars and vuln-terminal-dos-combining-chars-double-width-gtk.