Ttssh2
Monthly
Out-of-bounds memory read and write in Tera Term's TTSSH2 SSH plugin exposes users who connect to attacker-controlled SSH servers to memory disclosure and potential client crashes. The root cause is an unsigned-to-signed integer conversion error (CWE-196) in the SSH connection handshake code, which can cause internal memory contents to be transmitted to the malicious server. No public exploit code has been identified at time of analysis, and no KEV listing exists, but the network-reachable nature with no privilege requirement on the attacker side makes social-engineering lures a realistic delivery vector.
Out-of-bounds read/write in the TTSSH2 SSH plugin of Tera Term exposes users who connect to attacker-controlled SSH servers to memory disclosure and process crashes. A malicious SSH server can send crafted packets with inconsistent length parameters during connection establishment, causing the TTSSH2 plugin to read and write beyond allocated buffer boundaries - leaking adjacent memory contents (potentially including session data or credentials) back to the attacker's server. No public exploit or CISA KEV listing has been identified at time of analysis, but the low attack complexity and unauthenticated server-side position make this a credible threat for Tera Term users in environments where they may connect to untrusted SSH endpoints.
Out-of-bounds memory read and write in Tera Term's TTSSH2 SSH plugin exposes users who connect to attacker-controlled SSH servers to memory disclosure and potential client crashes. The root cause is an unsigned-to-signed integer conversion error (CWE-196) in the SSH connection handshake code, which can cause internal memory contents to be transmitted to the malicious server. No public exploit code has been identified at time of analysis, and no KEV listing exists, but the network-reachable nature with no privilege requirement on the attacker side makes social-engineering lures a realistic delivery vector.
Out-of-bounds read/write in the TTSSH2 SSH plugin of Tera Term exposes users who connect to attacker-controlled SSH servers to memory disclosure and process crashes. A malicious SSH server can send crafted packets with inconsistent length parameters during connection establishment, causing the TTSSH2 plugin to read and write beyond allocated buffer boundaries - leaking adjacent memory contents (potentially including session data or credentials) back to the attacker's server. No public exploit or CISA KEV listing has been identified at time of analysis, but the low attack complexity and unauthenticated server-side position make this a credible threat for Tera Term users in environments where they may connect to untrusted SSH endpoints.