Arbitrary File Overwrite Vulnerability in WinSCP's SCP Implementation

Arbitrary File Overwrite Vulnerability in WinSCP's SCP Implementation

CVE-2018-20684 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:P

In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp.

Learn more about our Cis Benchmark Audit For Server Software.