In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NWinscp
APPWinscp≤ 5.13.7
Related vulnerabilities
WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a ...
Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to cause a denial of service or possibly have o...
Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers wit...
Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbit...
Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote...