PuTTY 0.72 introduced a bug in the terminal's handling of xterm bracketed paste mode, in which the two bracketing escape sequences could appear together, with the pasted data following them, instead of between them.
This is classed as a vulnerability because it's possible that some terminal applications might have been depending on the bracket sequences identifying pasted data in order to prevent it from causing particular actions, so that a malicious clipboard writer could not invoke those actions.
However, if the application was only depending on the brackets to provide a hint about the semantics of the data (for example, pasting tab characters physically in an editor instead of treating them as invocations of an auto-indent command) then there need not be any security effect.
This bug was first reported by Axel Sander. It has been assigned CVE-2019-17068.
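
The following added example (not PuTTY code, and not from the original report) shows how an application that trusts the brackets would classify the same clipboard contents under the correct ordering and under the ordering described above. The escape sequences are the standard xterm bracketed-paste markers; the function names, the sample clipboard data and the empty-pair heuristic are assumptions made for illustration.

```python
# Added illustration; not PuTTY source code.
PASTE_START = b"\x1b[200~"  # xterm bracketed-paste opening sequence
PASTE_END = b"\x1b[201~"    # xterm bracketed-paste closing sequence


def split_input(stream: bytes):
    """Label bytes between the brackets "paste" and everything else "typed",
    as an application that relies on the brackets would."""
    segments = []
    pos = 0
    while pos < len(stream):
        start = stream.find(PASTE_START, pos)
        if start == -1:
            segments.append(("typed", stream[pos:]))
            break
        if start > pos:
            segments.append(("typed", stream[pos:start]))
        body = start + len(PASTE_START)
        end = stream.find(PASTE_END, body)
        if end == -1:
            # Unterminated paste: treat the remainder as pasted data.
            segments.append(("paste", stream[body:]))
            break
        segments.append(("paste", stream[body:end]))
        pos = end + len(PASTE_END)
    return segments


def has_empty_paste(segments):
    """Heuristic (assumption): an empty bracket pair directly followed by
    unbracketed data matches the symptom described for PuTTY 0.72."""
    return any(
        kind == "paste" and data == b"" and i + 1 < len(segments)
        and segments[i + 1][0] == "typed"
        for i, (kind, data) in enumerate(segments)
    )


# Constructed sample streams for a clipboard holding a tab-indented line.
CLIP = b"\tx = 1\n"
CORRECT = PASTE_START + CLIP + PASTE_END  # data between the brackets
BUGGY = PASTE_START + PASTE_END + CLIP    # brackets together, data after

if __name__ == "__main__":
    for name, s in (("correct", CORRECT), ("buggy", BUGGY)):
        segs = split_input(s)
        print(name, segs, "empty-pair:", has_empty_paste(segs))
```

With the buggy ordering the clipboard bytes land in a "typed" segment, so any paste-specific handling the application applies is skipped.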