Improper Handling of Length Parameter Inconsistency (CWE-130) vulnerability exists in TTSSH2 plugin of Tera Term provided by TeraTerm Project. When Tera Term attempts to establish an SSH connection to a server set up by an attacker, out-of-bounds read/write may occur. As a result, the contents of adjacent memory regions may be transmitted to the server, and Tera Term may behave unexpected or terminate abnormally.
Metrics
Affected Vendors & Products
References
History
Fri, 17 Jul 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 17 Jul 2026 05:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Improper Handling of Length Parameter Inconsistency (CWE-130) vulnerability exists in TTSSH2 plugin of Tera Term provided by TeraTerm Project. When Tera Term attempts to establish an SSH connection to a server set up by an attacker, out-of-bounds read/write may occur. As a result, the contents of adjacent memory regions may be transmitted to the server, and Tera Term may behave unexpected or terminate abnormally. | |
| Weaknesses | CWE-130 | |
| References |
| |
| Metrics |
cvssV3_0
|
Status: PUBLISHED
Assigner: jpcert
Published:
Updated: 2026-07-17T13:09:30.703Z
Reserved: 2026-07-10T02:15:09.033Z
Link: CVE-2026-60060
Updated: 2026-07-17T13:09:18.400Z
No data.
No data.
OpenCVE Enrichment
No data.