SecureCRT is reported prone to a remote denial of service vulnerability.
It is reported that supplying an excessive string value to the application
through the hostname field may trigger this vulnerability. Apparently,
this causes the client application to crash.
SecureCRT 4.0.9 and earlier may be vulnerable when SSH2 is used.
SecureCRT 4.1 or newer provides a fix for SSH2 connections.
Posted: January 14, 2005
The remote denial of service vulnerability described in this
advisory is a denial of service on the local machine caused
by SecureCRT crashing if an attempt is made to connect to an
SSH2 session with an excessively long hostname. The remote
machine is not affected by this vulnerability.
Affected Software Versions
SecureCRT 4.0.x official
SecureCRT 3.x official
SecureCRT 2.x official