JVN#65294474
Multiple vulnerabilities in TTSSH2 plugin of Tera Term
Overview
TTSSH2 plugin of Tera Term provided by TeraTerm Project contains multiple vulnerabilities.
Products Affected
- TTSSH2 1.00 alpha1 to 3.6.1
Description
TTSSH2 plugin of Tera Term provided by TeraTerm Project contains the following vulnerabilities:
- Unsigned to Signed Conversion Error (CWE-196)
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N Base Score 5.1
- CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Base Score 6.3
- CVE-2026-58317
- Improper Handling of Length Parameter Inconsistency (CWE-130)
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N Base Score 5.1
- CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Base Score 6.3
- CVE-2026-60060
Impact
The following conditions may occur when Tera Term attempts to establish an SSH connection to a server set up by an attacker:
- An out-of-bounds read may result in data from adjacent memory being treated as part of an incoming packet.
- An out-of-bounds write may occur. The attacker cannot freely control the value written; only a temporary null-byte ('\0') write followed by restoration of the original value is possible.
Solution
Update the Software
Update the software to the latest version in the Tera Term 5 series according to the information provided by the developer.
The developer has released the following version to address these vulnerabilities:
- TTSSH2 3.6.2 (Tera Term 5.6.2)
Vendor Status
| Vendor | Link |
| TeraTerm Project | TTSSH2 has out-of-bounds access vulnerability |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
CVE-2026-58317
Yukihiro Nakamura reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2026-60060
TeraTerm Project reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2026-58317 |
|
CVE-2026-60060 |
|
| JVN iPedia |
JVNDB-2026-000099 |