Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Putty
(Putty)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 31 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-03-21 | CVE-2019-9897 | Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71. | Debian_linux, Fedora, Oncommand_unified_manager, Leap, Putty | 7.5 | ||
| 2019-03-21 | CVE-2019-9898 | Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. | Debian_linux, Fedora, Oncommand_unified_manager, Leap, Putty | 9.8 | ||
| 2020-06-29 | CVE-2020-14002 | PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). | Fedora, Oncommand_unified_manager_core_package, Putty | 5.9 | ||
| 2017-01-30 | CVE-2016-6167 | Multiple untrusted search path vulnerabilities in Putty beta 0.67 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) UxTheme.dll or (2) ntmarta.dll file in the current working directory. | Putty | 7.8 | ||
| 2019-03-21 | CVE-2019-9896 | In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable. | Backports_sle, Leap, Putty | 7.8 | ||
| 2019-10-01 | CVE-2019-17069 | PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message. | Oncommand_unified_manager_core_package, Leap, Putty | 7.5 | ||
| 2013-08-19 | CVE-2013-4852 | Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow. | Debian_linux, Opensuse, Putty, Putty, Winscp | N/A | ||
| 2013-08-19 | CVE-2013-4207 | Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) via an invalid DSA signature that is not properly handled during computation of a modular inverse and triggers the overflow during a division by zero by the bignum functionality, a different vulnerability than CVE-2013-4206. | Putty, Putty | N/A | ||
| 2013-08-19 | CVE-2013-4206 | Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) and possibly trigger memory corruption or code execution via a crafted DSA signature, which is not properly handled when performing certain bit-shifting operations during modular multiplication. | Putty, Putty | N/A | ||
| 2021-05-21 | CVE-2021-33500 | PuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) by telling the PuTTY window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. NOTE: the same attack methodology may affect some OS-level GUIs on Linux or other platforms for similar reasons. | Putty | 7.5 |