Skip to main content

Ttssh2

2 CVEs product

Monthly

CVE-2026-58317 MEDIUM This Month

Out-of-bounds memory read and write in Tera Term's TTSSH2 SSH plugin exposes users who connect to attacker-controlled SSH servers to memory disclosure and potential client crashes. The root cause is an unsigned-to-signed integer conversion error (CWE-196) in the SSH connection handshake code, which can cause internal memory contents to be transmitted to the malicious server. No public exploit code has been identified at time of analysis, and no KEV listing exists, but the network-reachable nature with no privilege requirement on the attacker side makes social-engineering lures a realistic delivery vector.

Buffer Overflow Ttssh2
NVD VulDB
CVSS 4.0
5.1
EPSS
0.3%
CVE-2026-60060 MEDIUM This Month

Out-of-bounds read/write in the TTSSH2 SSH plugin of Tera Term exposes users who connect to attacker-controlled SSH servers to memory disclosure and process crashes. A malicious SSH server can send crafted packets with inconsistent length parameters during connection establishment, causing the TTSSH2 plugin to read and write beyond allocated buffer boundaries - leaking adjacent memory contents (potentially including session data or credentials) back to the attacker's server. No public exploit or CISA KEV listing has been identified at time of analysis, but the low attack complexity and unauthenticated server-side position make this a credible threat for Tera Term users in environments where they may connect to untrusted SSH endpoints.

Buffer Overflow Ttssh2
NVD VulDB
CVSS 4.0
5.1
EPSS
0.3%
EPSS 0% CVSS 5.1
MEDIUM This Month

Out-of-bounds memory read and write in Tera Term's TTSSH2 SSH plugin exposes users who connect to attacker-controlled SSH servers to memory disclosure and potential client crashes. The root cause is an unsigned-to-signed integer conversion error (CWE-196) in the SSH connection handshake code, which can cause internal memory contents to be transmitted to the malicious server. No public exploit code has been identified at time of analysis, and no KEV listing exists, but the network-reachable nature with no privilege requirement on the attacker side makes social-engineering lures a realistic delivery vector.

Buffer Overflow Ttssh2
NVD VulDB
EPSS 0% CVSS 5.1
MEDIUM This Month

Out-of-bounds read/write in the TTSSH2 SSH plugin of Tera Term exposes users who connect to attacker-controlled SSH servers to memory disclosure and process crashes. A malicious SSH server can send crafted packets with inconsistent length parameters during connection establishment, causing the TTSSH2 plugin to read and write beyond allocated buffer boundaries - leaking adjacent memory contents (potentially including session data or credentials) back to the attacker's server. No public exploit or CISA KEV listing has been identified at time of analysis, but the low attack complexity and unauthenticated server-side position make this a credible threat for Tera Term users in environments where they may connect to untrusted SSH endpoints.

Buffer Overflow Ttssh2
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy