VanDyke Software

Security Advisory

Security Advisory—SecureCRT® 5.0 and SecureFX® 3.0

In SecureCRT versions 5.0 through 5.0.4 and SecureFX version 3.0 through 3.0.4, a buffer overflow was theoretically possible when a Unicode string was converted to a narrow string.

Posted: March 3, 2006


When converting a Unicode string to a narrow string, it was theoretically possible to exploit a buffer overflow if certain conditions were met. This issue was found through code inspection. There are no known exploits. VanDyke Software considers the threat extremely minimal.

Affected Software Versions

SecureCRT versions 5.0 through 5.0.4.
SecureFX version 3.0 through 3.0.4.


Vulnerability Fix Downloads

SecureCRT 5.0.5 or later -
SecureFX 3.0.5 or later -


Technical Support

For further information on the security advisory, please contact VanDyke Software.

Official Postings

Secunia published an advisory on March 3, 2006.
VanDyke posted this page on March 3, 2006.


Revision History

March 3, 2006 - Security Advisory published.

VanDyke Software uses cookies to give you the best online experience. Before continuing to use this site, please confirm that you agree to our use of cookies. Please see our Cookie Usage for details.