Release date: July 15, 2026
Tera Term bundles the TTSSH2 plugin, which enables SSH connections.
TTSSH2 3.6.1 or earlier has a vulnerability that can cause out-of-bounds access due to packets from a malicious server or a man-in-the-middle attacker.
From TTSSH2 1.00 alpha1 through 3.6.1.
Tera Term versions bundling TTSSH2: From UTF-8 TeraTerm Pro 2.05 (bundling TTSSH2 1.00 alpha2) through Tera Term 5.6.1 (bundling TTSSH2 3.6.1).
An out-of-bounds read may cause adjacent memory to be interpreted as part of the received packet.
An out-of-bounds write may cause adjacent memory to be overwritten. The written values are not attacker-controlled; they are limited to a temporary '\0' and restoration of the original value.
As a result, adjacent memory contents may be sent to the server, and Tera Term may behave unexpectedly or terminate abnormally.
Please use the latest release of the software 5.x series.
There are no plans to provide a fix for the software 4.x series.
Thank you for Yukihiro Nakamura, IPA and JPCERT/CC relationship.
Email: TeraTerm-nospam-contactgroups.io