Forum » Support and Bug Reports »

Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Username

Subject

Message body

Font colour:

Font size:

Options

Disable BBCode in this post

Notify me when a reply is posted (registered users only)

Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

Filename

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

File Comment

Options

Private file (available to author and site moderators only)

Topic review

martin

Re: Denial of Service via SFTP (Stack Exhaustion)

2021-06-29

I have added this issue to the tracker:
https://winscp.net/tracker/1999

martin

Re: Denial of Service via SFTP (Stack Exhaustion)

2021-06-22

Thanks for your report. Can give us some instructions for starting the server? We have no experience with Node.js. Or just describe how the DoS attack works.

Zlynt

Denial of Service via SFTP (Stack Exhaustion)

2021-06-19 21:11

With the use of a malicious server, it is possible to cause a stack exhaustion.

Run a local or remote server using the custom server provided in the attachment. To run the server it is needed Node.js. After starting the server, connect to it using the following settings:

Protocol: SFTP
Port number: 22
Username: demo
The server does not have a password

WinSCP version: 5.19
OS version: Windows 10 Education x64

Post a reply

Topic review

Re: Denial of Service via SFTP (Stack Exhaustion)

Re: Denial of Service via SFTP (Stack Exhaustion)

Denial of Service via SFTP (Stack Exhaustion)

Documentation

Support

Associations

Follow Us