PuTTY vulnerability vuln-terminal-dos-combining-chars-double-width-gtk

Home | FAQ | Feedback | Licence | Updates | Mirrors | Keys | Links | Team
Download: Stable · Pre-release · Snapshot | Docs | Changes | Wishlist

summary: DoS by terminal output involving combining characters, double-width text, an odd number of terminal columns, and GTK
class: vulnerability: This is a security vulnerability.
difficulty: fun: Just needs tuits, and not many of them.
priority: high: This should be fixed in the next release.
absent-in: 0.57
fixed-in: daf91ef8ae9780bb1dfb534afa79e4babb89ba26 0.71

Up to and including version 0.70, the GTK front end to PuTTY's terminal emulator would fail an assertion in a corner case:

All the conditions for this failure can be triggered by remote terminal output. (Remote-controlled resizing of the terminal window can be turned off in the Features config panel, but it's on by default.) So, if a malicious process is able to write escape sequences to your terminal, then they can terminate your entire PuTTY session uncleanly, making it impossible for you to even recover any important information from your terminal scrollback.

As of 0.71, this assertion failure is fixed. PuTTY will cleanly handle this case by not trying to display anything that confuses it.

This vulnerability was found by Brian Carpenter, as part of a bug bounty programme run under the auspices of the EU-FOSSA project.

CVE ID CVE-2019-9897 has been assigned for the collection of terminal DoS attacks fixed in 0.71, including this, vuln-terminal-dos-combining-chars and vuln-terminal-dos-one-column-cjk.


If you want to comment on this web site, see the Feedback page.
Audit trail for this vulnerability.
(last revision of this bug record was at 2019-03-25 20:23:34 +0000)