Versions of PuTTY 0.54 and 0.65 inclusive have a potentially memory-corrupting integer overflow in the handling of the ECH (erase characters) control sequence in the terminal emulator (CVE-2015-5309).
{ "section": "core" }