Vulnerabilites related to simon_tatham - putty
Vulnerability from fkie_nvd
Published
2013-08-19 23:55
Modified
2024-11-21 01:55
Severity ?
Summary
Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) via an invalid DSA signature that is not properly handled during computation of a modular inverse and triggers the overflow during a division by zero by the bignum functionality, a different vulnerability than CVE-2013-4206.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
putty | putty | 0.45 | |
putty | putty | 0.46 | |
putty | putty | 0.47 | |
putty | putty | 0.48 | |
putty | putty | 0.49 | |
putty | putty | 0.50 | |
putty | putty | 0.51 | |
putty | putty | 0.52 | |
putty | putty | 0.53b | |
putty | putty | 0.54 | |
putty | putty | 0.55 | |
putty | putty | 0.56 | |
putty | putty | 0.57 | |
putty | putty | 0.58 | |
putty | putty | 0.59 | |
putty | putty | 0.60 | |
putty | putty | 0.61 | |
putty | putty | 2010-06-01 | |
simon_tatham | putty | * | |
simon_tatham | putty | 0.53 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:putty:putty:0.45:*:*:*:*:*:*:*", matchCriteriaId: "5D5EB349-B1DF-4CF5-9468-37DC66A929C3", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.46:*:*:*:*:*:*:*", matchCriteriaId: "CF223411-6FA4-43EC-8668-7DB4A98E4DEA", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.47:*:*:*:*:*:*:*", matchCriteriaId: "D0E87C56-DFD9-45D9-9169-3BB94F647F15", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:*", matchCriteriaId: "1283B462-042C-4857-A700-4179AAE20E2F", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.49:*:*:*:*:*:*:*", matchCriteriaId: "2791C9DD-F55D-4683-85AF-B6814C34EFBF", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.50:*:*:*:*:*:*:*", matchCriteriaId: "6D7582C1-AA8E-41E4-9D69-9A18A5B76CB0", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.51:*:*:*:*:*:*:*", matchCriteriaId: "FC082AE0-C49D-4944-BE76-B751DAD1EF84", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.52:*:*:*:*:*:*:*", matchCriteriaId: "23BAD8E4-2D3A-45EE-A25D-77BD698119BB", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.53b:*:*:*:*:*:*:*", matchCriteriaId: "8F7716EC-E0F9-4E50-8351-35D2F248B380", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.54:*:*:*:*:*:*:*", matchCriteriaId: "46C2BD4D-9817-459E-ACF4-9C95233200A2", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.55:*:*:*:*:*:*:*", matchCriteriaId: "22EE5957-76F3-4B20-ADE7-E72D1300A3F0", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.56:*:*:*:*:*:*:*", matchCriteriaId: "826FA7E4-7F48-4D1C-856C-A965527B0950", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.57:*:*:*:*:*:*:*", matchCriteriaId: "AA54ADC7-2A36-40DA-8219-DAA31509E534", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.58:*:*:*:*:*:*:*", matchCriteriaId: "1A14381E-91A1-4902-B409-1281CFA2D561", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.59:*:*:*:*:*:*:*", matchCriteriaId: "8B33EB10-535F-42F2-8F78-CE128A89447C", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.60:*:*:*:*:*:*:*", matchCriteriaId: "218F9EAF-C260-43EC-99C4-EFACA9A1DA8D", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.61:*:*:*:*:*:*:*", matchCriteriaId: "5966235B-2F1A-45C5-AF65-99FFFE4725DF", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:2010-06-01:r8967:*:*:development_snapshot:*:*:*", matchCriteriaId: "820B9CC0-2A18-4357-B01F-565A0E35E275", vulnerable: true, }, { criteria: "cpe:2.3:a:simon_tatham:putty:*:*:*:*:*:*:*:*", matchCriteriaId: "3A8E4288-5CEA-42F3-BF6A-FE7D78C907C0", versionEndIncluding: "0.62", vulnerable: true, }, { criteria: "cpe:2.3:a:simon_tatham:putty:0.53:*:*:*:*:*:*:*", matchCriteriaId: "129133D1-B374-4743-9F52-27D0A9558D17", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) via an invalid DSA signature that is not properly handled during computation of a modular inverse and triggers the overflow during a division by zero by the bignum functionality, a different vulnerability than CVE-2013-4206.", }, { lang: "es", value: "Desbordamiento de búfer en PuTTY 0.62 y anteriores, permite a servidores SSH remotos provocar una denegación de servicio (caída) a través de una firma DSA no válida que no es manejada adecuadamente durante el cálculo de un inverso modular que provoca el desbordamiento durante una división entre cero por la funcionalidad \"bignum\". Vulnerabilidad distinta de CVE-2013-4206.", }, ], id: "CVE-2013-4207", lastModified: "2024-11-21T01:55:07.857", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-08-19T23:55:08.767", references: [ { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/54379", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/54533", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-bignum-division-by-zero.html", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2013/dsa-2736", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2013/08/06/11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/54379", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/54533", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-bignum-division-by-zero.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2013/dsa-2736", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2013/08/06/11", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-08-19 23:55
Modified
2024-11-21 01:56
Severity ?
Summary
Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*", matchCriteriaId: "622C1C29-794B-4000-90B0-E2BB65ED0AB2", versionEndIncluding: "5.1.5", vulnerable: true, }, { criteria: "cpe:2.3:a:winscp:winscp:3.7.6:*:*:*:*:*:*:*", matchCriteriaId: "2E3DFFBF-4E07-4449-A7A0-873DF6A98E21", vulnerable: true, }, { criteria: "cpe:2.3:a:winscp:winscp:3.8.2:*:*:*:*:*:*:*", matchCriteriaId: "89254511-B715-4515-AA6F-86133A2182CD", vulnerable: true, }, { criteria: "cpe:2.3:a:winscp:winscp:3.8_beta:*:*:*:*:*:*:*", matchCriteriaId: "5EA30CE9-054B-4C5E-BE4E-8F404E3BBD49", vulnerable: true, }, { criteria: "cpe:2.3:a:winscp:winscp:4.0.4:*:*:*:*:*:*:*", matchCriteriaId: "D838748A-09CC-4940-829F-910B013A9962", vulnerable: true, }, { criteria: "cpe:2.3:a:winscp:winscp:4.0.5:*:*:*:*:*:*:*", matchCriteriaId: "F6DD6743-97F5-43AB-8D84-FB3561BDE964", vulnerable: true, }, { criteria: "cpe:2.3:a:winscp:winscp:4.2.6:*:*:*:*:*:*:*", matchCriteriaId: "12FA1BCF-7E92-4C97-9B44-579A28FD1AA0", vulnerable: true, }, { criteria: "cpe:2.3:a:winscp:winscp:4.2.7:*:*:*:*:*:*:*", matchCriteriaId: "3569C249-6505-469C-B44D-9CD44497E153", vulnerable: true, }, { criteria: "cpe:2.3:a:winscp:winscp:4.2.8:*:*:*:*:*:*:*", matchCriteriaId: "D0C15244-1AD8-4D82-BAC4-FD77A83FBFE3", vulnerable: true, }, { criteria: "cpe:2.3:a:winscp:winscp:4.2.9:*:*:*:*:*:*:*", matchCriteriaId: "B5E49405-3C31-488C-8D28-2A417083D07B", vulnerable: true, }, { criteria: "cpe:2.3:a:winscp:winscp:4.3.2:*:*:*:*:*:*:*", matchCriteriaId: "2B148D20-65E9-4C6B-985E-69BC737FC36F", vulnerable: true, }, { criteria: "cpe:2.3:a:winscp:winscp:4.3.4:*:*:*:*:*:*:*", matchCriteriaId: "81237965-5289-4784-BCE9-44891036E49A", vulnerable: true, }, { criteria: "cpe:2.3:a:winscp:winscp:4.3.5:*:*:*:*:*:*:*", matchCriteriaId: "48CCC513-6594-4AD4-BB11-47456767F741", vulnerable: true, }, { criteria: "cpe:2.3:a:winscp:winscp:4.3.6:*:*:*:*:*:*:*", matchCriteriaId: "53DAE27A-C884-4619-B9D2-4BB356DD0743", vulnerable: true, }, { criteria: "cpe:2.3:a:winscp:winscp:4.3.7:*:*:*:*:*:*:*", matchCriteriaId: "3AB16665-C7CD-4672-A8DF-CED0267C6909", vulnerable: true, }, { criteria: "cpe:2.3:a:winscp:winscp:4.3.8:*:*:*:*:*:*:*", matchCriteriaId: "C4E4F93A-F40E-4367-ACDA-97190281BED5", vulnerable: true, }, { criteria: "cpe:2.3:a:winscp:winscp:4.3.9:*:*:*:*:*:*:*", matchCriteriaId: "058A5223-B23D-483E-89FC-64BAE4E98FE3", vulnerable: true, }, { criteria: "cpe:2.3:a:winscp:winscp:4.4.0:*:*:*:*:*:*:*", matchCriteriaId: "E35FFF50-7989-4749-BE7D-51068B249D4C", vulnerable: true, }, { criteria: "cpe:2.3:a:winscp:winscp:5.0:beta:*:*:*:*:*:*", matchCriteriaId: "1993D161-712E-47AE-8402-538273CC21EB", vulnerable: true, }, { criteria: "cpe:2.3:a:winscp:winscp:5.0.1:beta:*:*:*:*:*:*", matchCriteriaId: "E42F707C-A70C-4EF5-B898-F693B6C586BB", vulnerable: true, }, { criteria: "cpe:2.3:a:winscp:winscp:5.0.2:beta:*:*:*:*:*:*", matchCriteriaId: "5C8DB53F-739D-4B28-9D16-D6CF4478CAE9", vulnerable: true, }, { criteria: "cpe:2.3:a:winscp:winscp:5.0.3:beta:*:*:*:*:*:*", matchCriteriaId: "C6521E48-0607-4F51-81F4-569DC950F01E", vulnerable: true, }, { criteria: "cpe:2.3:a:winscp:winscp:5.0.4:beta:*:*:*:*:*:*", matchCriteriaId: "D8204C5B-23CF-4111-BF98-EB73442CD47B", vulnerable: true, }, { criteria: "cpe:2.3:a:winscp:winscp:5.0.5:beta:*:*:*:*:*:*", matchCriteriaId: "4100FDCF-087A-44AA-ABA2-C0632FE452F9", vulnerable: true, }, { criteria: "cpe:2.3:a:winscp:winscp:5.0.6:beta:*:*:*:*:*:*", matchCriteriaId: "F2496D95-22A2-4EA9-A090-45E630D57526", vulnerable: true, }, { criteria: "cpe:2.3:a:winscp:winscp:5.0.7:beta:*:*:*:*:*:*", matchCriteriaId: "3C6B9617-B687-4885-8100-2ECBEE1E157A", vulnerable: true, }, { criteria: "cpe:2.3:a:winscp:winscp:5.0.8:rc:*:*:*:*:*:*", matchCriteriaId: "6D462DB0-E03E-4642-908F-16628FFA68FA", vulnerable: true, }, { criteria: "cpe:2.3:a:winscp:winscp:5.0.9:rc:*:*:*:*:*:*", matchCriteriaId: "BB0CE816-3C7B-43CA-A0AB-A011D5B093D6", vulnerable: true, }, { criteria: "cpe:2.3:a:winscp:winscp:5.1:*:*:*:*:*:*:*", matchCriteriaId: "FF1E6934-4CE0-4DFC-BA3E-67395C04B0BB", vulnerable: true, }, { criteria: "cpe:2.3:a:winscp:winscp:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "AD7230D1-2155-456D-B43A-AA66B24912B7", vulnerable: true, }, { criteria: "cpe:2.3:a:winscp:winscp:5.1.2:*:*:*:*:*:*:*", matchCriteriaId: "A56FBACE-0A1F-4AC3-B306-F8B0E9869BAE", vulnerable: true, }, { criteria: "cpe:2.3:a:winscp:winscp:5.1.3:*:*:*:*:*:*:*", matchCriteriaId: "5FE7557D-6BE4-49EA-97C2-011DF8CB6C74", vulnerable: true, }, { criteria: "cpe:2.3:a:winscp:winscp:5.1.4:*:*:*:*:*:*:*", matchCriteriaId: "0C392415-3564-44E3-82EA-CB3C8DB0BC27", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "036E8A89-7A16-411F-9D31-676313BB7244", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:7.1:*:*:*:*:*:*:*", matchCriteriaId: "7B21E9A8-CE63-42C2-A11A-94D977A96DF1", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", matchCriteriaId: "DFBF430B-0832-44B0-AA0E-BA9E467F7668", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:putty:putty:0.45:*:*:*:*:*:*:*", matchCriteriaId: "5D5EB349-B1DF-4CF5-9468-37DC66A929C3", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.46:*:*:*:*:*:*:*", matchCriteriaId: "CF223411-6FA4-43EC-8668-7DB4A98E4DEA", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.47:*:*:*:*:*:*:*", matchCriteriaId: "D0E87C56-DFD9-45D9-9169-3BB94F647F15", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:*", matchCriteriaId: "1283B462-042C-4857-A700-4179AAE20E2F", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.49:*:*:*:*:*:*:*", matchCriteriaId: "2791C9DD-F55D-4683-85AF-B6814C34EFBF", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.50:*:*:*:*:*:*:*", matchCriteriaId: "6D7582C1-AA8E-41E4-9D69-9A18A5B76CB0", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.51:*:*:*:*:*:*:*", matchCriteriaId: "FC082AE0-C49D-4944-BE76-B751DAD1EF84", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.52:*:*:*:*:*:*:*", matchCriteriaId: "23BAD8E4-2D3A-45EE-A25D-77BD698119BB", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.53b:*:*:*:*:*:*:*", matchCriteriaId: "8F7716EC-E0F9-4E50-8351-35D2F248B380", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.54:*:*:*:*:*:*:*", matchCriteriaId: "46C2BD4D-9817-459E-ACF4-9C95233200A2", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.55:*:*:*:*:*:*:*", matchCriteriaId: "22EE5957-76F3-4B20-ADE7-E72D1300A3F0", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.56:*:*:*:*:*:*:*", matchCriteriaId: "826FA7E4-7F48-4D1C-856C-A965527B0950", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.57:*:*:*:*:*:*:*", matchCriteriaId: "AA54ADC7-2A36-40DA-8219-DAA31509E534", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.58:*:*:*:*:*:*:*", matchCriteriaId: "1A14381E-91A1-4902-B409-1281CFA2D561", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.59:*:*:*:*:*:*:*", matchCriteriaId: "8B33EB10-535F-42F2-8F78-CE128A89447C", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.60:*:*:*:*:*:*:*", matchCriteriaId: "218F9EAF-C260-43EC-99C4-EFACA9A1DA8D", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.61:*:*:*:*:*:*:*", matchCriteriaId: "5966235B-2F1A-45C5-AF65-99FFFE4725DF", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:2010-06-01:r8967:*:*:development_snapshot:*:*:*", matchCriteriaId: "820B9CC0-2A18-4357-B01F-565A0E35E275", vulnerable: true, }, { criteria: "cpe:2.3:a:simon_tatham:putty:*:*:*:*:*:*:*:*", matchCriteriaId: "3A8E4288-5CEA-42F3-BF6A-FE7D78C907C0", versionEndIncluding: "0.62", vulnerable: true, }, { criteria: "cpe:2.3:a:simon_tatham:putty:0.53:*:*:*:*:*:*:*", matchCriteriaId: "129133D1-B374-4743-9F52-27D0A9558D17", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.", }, { lang: "es", value: "Desbordamiento de entero en PuTTY 0.62 y anteriores, WinSCP anterior a 5.1.6, y otros productos que usan PuTTY, permite a servidores SSH remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario en determinadas aplicaciones que utilizan PuTTY a través de un tamaño negativo en el valor de la firma en la clave RSA durante el handshake SSH, que provoca un desbordamiento basado en memoria dinámica.", }, ], id: "CVE-2013-4852", lastModified: "2024-11-21T01:56:32.023", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-08-19T23:55:09.077", references: [ { source: "cve@mitre.org", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718779", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-updates/2013-08/msg00041.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/54379", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/54517", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/54533", }, { source: "cve@mitre.org", url: "http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9896", }, { source: "cve@mitre.org", url: "http://winscp.net/tracker/show_bug.cgi?id=1017", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-signature-stringlen.html", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2013/dsa-2736", }, { source: "cve@mitre.org", url: "http://www.search-lab.hu/advisories/secadv-20130722", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718779", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2013-08/msg00041.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/54379", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/54517", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/54533", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9896", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://winscp.net/tracker/show_bug.cgi?id=1017", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-signature-stringlen.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2013/dsa-2736", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.search-lab.hu/advisories/secadv-20130722", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-189", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-12-07 20:59
Modified
2024-11-21 02:32
Severity ?
Summary
Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an ECH (erase characters) escape sequence with a large parameter value, which triggers a buffer underflow.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", matchCriteriaId: "4863BE36-D16A-4D75-90D9-FD76DB5B48B7", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", matchCriteriaId: "A10BC294-9196-425F-9FB0-B1625465B47F", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", matchCriteriaId: "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:simon_tatham:putty:*:*:*:*:*:*:*:*", matchCriteriaId: "F1D5CADD-AE31-4CCD-967F-AAF04CFBDBA6", versionEndIncluding: "0.65", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an ECH (erase characters) escape sequence with a large parameter value, which triggers a buffer underflow.", }, { lang: "es", value: "Desbordamiento de entero en el emulador de terminal en PuTTY en versiones anteriores a 0.66 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) o posiblemente ejecutar código arbitrario a través de una secuencia de escape ECH (borrar caracteres) con un valor de parámetro grande, que desencadena un desbordamiento inferior de buffer.", }, ], id: "CVE-2015-5309", lastModified: "2024-11-21T02:32:46.037", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-12-07T20:59:08.060", references: [ { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173021.html", }, { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173094.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-updates/2015-11/msg00099.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2015/dsa-3409", }, { source: "secalert@redhat.com", url: "http://www.securitytracker.com/id/1034308", }, { source: "secalert@redhat.com", url: "https://security.gentoo.org/glsa/201606-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173094.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2015-11/msg00099.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2015/dsa-3409", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1034308", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201606-01", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-189", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-08-19 23:55
Modified
2024-11-21 01:55
Severity ?
Summary
Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) and possibly trigger memory corruption or code execution via a crafted DSA signature, which is not properly handled when performing certain bit-shifting operations during modular multiplication.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
putty | putty | 0.45 | |
putty | putty | 0.46 | |
putty | putty | 0.47 | |
putty | putty | 0.48 | |
putty | putty | 0.49 | |
putty | putty | 0.50 | |
putty | putty | 0.51 | |
putty | putty | 0.52 | |
putty | putty | 0.53b | |
putty | putty | 0.54 | |
putty | putty | 0.55 | |
putty | putty | 0.56 | |
putty | putty | 0.57 | |
putty | putty | 0.58 | |
putty | putty | 0.59 | |
putty | putty | 0.60 | |
putty | putty | 0.61 | |
putty | putty | 2010-06-01 | |
simon_tatham | putty | * | |
simon_tatham | putty | 0.53 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:putty:putty:0.45:*:*:*:*:*:*:*", matchCriteriaId: "5D5EB349-B1DF-4CF5-9468-37DC66A929C3", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.46:*:*:*:*:*:*:*", matchCriteriaId: "CF223411-6FA4-43EC-8668-7DB4A98E4DEA", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.47:*:*:*:*:*:*:*", matchCriteriaId: "D0E87C56-DFD9-45D9-9169-3BB94F647F15", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:*", matchCriteriaId: "1283B462-042C-4857-A700-4179AAE20E2F", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.49:*:*:*:*:*:*:*", matchCriteriaId: "2791C9DD-F55D-4683-85AF-B6814C34EFBF", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.50:*:*:*:*:*:*:*", matchCriteriaId: "6D7582C1-AA8E-41E4-9D69-9A18A5B76CB0", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.51:*:*:*:*:*:*:*", matchCriteriaId: "FC082AE0-C49D-4944-BE76-B751DAD1EF84", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.52:*:*:*:*:*:*:*", matchCriteriaId: "23BAD8E4-2D3A-45EE-A25D-77BD698119BB", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.53b:*:*:*:*:*:*:*", matchCriteriaId: "8F7716EC-E0F9-4E50-8351-35D2F248B380", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.54:*:*:*:*:*:*:*", matchCriteriaId: "46C2BD4D-9817-459E-ACF4-9C95233200A2", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.55:*:*:*:*:*:*:*", matchCriteriaId: "22EE5957-76F3-4B20-ADE7-E72D1300A3F0", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.56:*:*:*:*:*:*:*", matchCriteriaId: "826FA7E4-7F48-4D1C-856C-A965527B0950", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.57:*:*:*:*:*:*:*", matchCriteriaId: "AA54ADC7-2A36-40DA-8219-DAA31509E534", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.58:*:*:*:*:*:*:*", matchCriteriaId: "1A14381E-91A1-4902-B409-1281CFA2D561", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.59:*:*:*:*:*:*:*", matchCriteriaId: "8B33EB10-535F-42F2-8F78-CE128A89447C", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.60:*:*:*:*:*:*:*", matchCriteriaId: "218F9EAF-C260-43EC-99C4-EFACA9A1DA8D", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.61:*:*:*:*:*:*:*", matchCriteriaId: "5966235B-2F1A-45C5-AF65-99FFFE4725DF", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:2010-06-01:r8967:*:*:development_snapshot:*:*:*", matchCriteriaId: "820B9CC0-2A18-4357-B01F-565A0E35E275", vulnerable: true, }, { criteria: "cpe:2.3:a:simon_tatham:putty:*:*:*:*:*:*:*:*", matchCriteriaId: "3A8E4288-5CEA-42F3-BF6A-FE7D78C907C0", versionEndIncluding: "0.62", vulnerable: true, }, { criteria: "cpe:2.3:a:simon_tatham:putty:0.53:*:*:*:*:*:*:*", matchCriteriaId: "129133D1-B374-4743-9F52-27D0A9558D17", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) and possibly trigger memory corruption or code execution via a crafted DSA signature, which is not properly handled when performing certain bit-shifting operations during modular multiplication.", }, { lang: "es", value: "Desbordamiento de búfer basado en memoria dinámica en la función modmul en sshbn.c en PuTTY 0.62 y anteriores, permite a servidores SSH remotos provocar una denegación de servicio (caída) y posiblemente causar una corrupción de memoria o ejecución de código a través de una firma DSA manipulada que no es manejada adecuadamente cuando se realizan determinadas operaciones de bit-shifting durante una multiplicación modular.", }, ], id: "CVE-2013-4206", lastModified: "2024-11-21T01:55:07.733", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-08-19T23:55:08.723", references: [ { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/54379", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/54533", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://svn.tartarus.org/sgt/putty/sshbn.c?sortby=date&r1=9977&r2=9976&pathrev=9977", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-modmul.html", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2013/dsa-2736", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2013/08/06/11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/54379", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/54533", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://svn.tartarus.org/sgt/putty/sshbn.c?sortby=date&r1=9977&r2=9976&pathrev=9977", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-modmul.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2013/dsa-2736", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2013/08/06/11", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-08-19 23:55
Modified
2024-11-21 01:55
Severity ?
Summary
The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow local users to discover private RSA and DSA keys.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
putty | putty | 0.45 | |
putty | putty | 0.46 | |
putty | putty | 0.47 | |
putty | putty | 0.48 | |
putty | putty | 0.49 | |
putty | putty | 0.50 | |
putty | putty | 0.51 | |
putty | putty | 0.52 | |
putty | putty | 0.53b | |
putty | putty | 0.54 | |
putty | putty | 0.55 | |
putty | putty | 0.56 | |
putty | putty | 0.57 | |
putty | putty | 0.58 | |
putty | putty | 0.59 | |
putty | putty | 0.60 | |
putty | putty | 0.61 | |
simon_tatham | putty | * | |
simon_tatham | putty | 0.53 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:putty:putty:0.45:*:*:*:*:*:*:*", matchCriteriaId: "5D5EB349-B1DF-4CF5-9468-37DC66A929C3", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.46:*:*:*:*:*:*:*", matchCriteriaId: "CF223411-6FA4-43EC-8668-7DB4A98E4DEA", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.47:*:*:*:*:*:*:*", matchCriteriaId: "D0E87C56-DFD9-45D9-9169-3BB94F647F15", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:*", matchCriteriaId: "1283B462-042C-4857-A700-4179AAE20E2F", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.49:*:*:*:*:*:*:*", matchCriteriaId: "2791C9DD-F55D-4683-85AF-B6814C34EFBF", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.50:*:*:*:*:*:*:*", matchCriteriaId: "6D7582C1-AA8E-41E4-9D69-9A18A5B76CB0", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.51:*:*:*:*:*:*:*", matchCriteriaId: "FC082AE0-C49D-4944-BE76-B751DAD1EF84", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.52:*:*:*:*:*:*:*", matchCriteriaId: "23BAD8E4-2D3A-45EE-A25D-77BD698119BB", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.53b:*:*:*:*:*:*:*", matchCriteriaId: "8F7716EC-E0F9-4E50-8351-35D2F248B380", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.54:*:*:*:*:*:*:*", matchCriteriaId: "46C2BD4D-9817-459E-ACF4-9C95233200A2", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.55:*:*:*:*:*:*:*", matchCriteriaId: "22EE5957-76F3-4B20-ADE7-E72D1300A3F0", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.56:*:*:*:*:*:*:*", matchCriteriaId: "826FA7E4-7F48-4D1C-856C-A965527B0950", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.57:*:*:*:*:*:*:*", matchCriteriaId: "AA54ADC7-2A36-40DA-8219-DAA31509E534", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.58:*:*:*:*:*:*:*", matchCriteriaId: "1A14381E-91A1-4902-B409-1281CFA2D561", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.59:*:*:*:*:*:*:*", matchCriteriaId: "8B33EB10-535F-42F2-8F78-CE128A89447C", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.60:*:*:*:*:*:*:*", matchCriteriaId: "218F9EAF-C260-43EC-99C4-EFACA9A1DA8D", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.61:*:*:*:*:*:*:*", matchCriteriaId: "5966235B-2F1A-45C5-AF65-99FFFE4725DF", vulnerable: true, }, { criteria: "cpe:2.3:a:simon_tatham:putty:*:*:*:*:*:*:*:*", matchCriteriaId: "3A8E4288-5CEA-42F3-BF6A-FE7D78C907C0", versionEndIncluding: "0.62", vulnerable: true, }, { criteria: "cpe:2.3:a:simon_tatham:putty:0.53:*:*:*:*:*:*:*", matchCriteriaId: "129133D1-B374-4743-9F52-27D0A9558D17", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow local users to discover private RSA and DSA keys.", }, { lang: "es", value: "La función rsa_verify en PuTTY anterior a 0.63 (1) no limpia de memoria los procesos sensibles después de usarlos y (2)no libera determinadas estructuras que contienen procesos sensibles, lo que podría permitir a usuarios locales descubrir claves privadas RSA y DSA.", }, ], id: "CVE-2013-4208", lastModified: "2024-11-21T01:55:07.970", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-08-19T23:55:08.833", references: [ { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/54379", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/54533", }, { source: "secalert@redhat.com", url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped.html", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2013/dsa-2736", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2013/08/06/11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/54379", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/54533", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2013/dsa-2736", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2013/08/06/11", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-03-27 14:59
Modified
2024-11-21 02:26
Severity ?
Summary
The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
debian | debian_linux | 7.0 | |
fedoraproject | fedora | 20 | |
fedoraproject | fedora | 22 | |
opensuse | opensuse | 13.1 | |
opensuse | opensuse | 13.2 | |
putty | putty | 0.51 | |
putty | putty | 0.52 | |
putty | putty | 0.53b | |
putty | putty | 0.54 | |
putty | putty | 0.55 | |
putty | putty | 0.56 | |
putty | putty | 0.57 | |
putty | putty | 0.58 | |
putty | putty | 0.59 | |
putty | putty | 0.60 | |
putty | putty | 0.61 | |
putty | putty | 0.62 | |
putty | putty | 0.63 | |
simon_tatham | putty | 0.53 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", matchCriteriaId: "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", matchCriteriaId: "253C303A-E577-4488-93E6-68A8DD942C38", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", matchCriteriaId: "A10BC294-9196-425F-9FB0-B1625465B47F", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", matchCriteriaId: "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:putty:putty:0.51:*:*:*:*:*:*:*", matchCriteriaId: "FC082AE0-C49D-4944-BE76-B751DAD1EF84", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.52:*:*:*:*:*:*:*", matchCriteriaId: "23BAD8E4-2D3A-45EE-A25D-77BD698119BB", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.53b:*:*:*:*:*:*:*", matchCriteriaId: "8F7716EC-E0F9-4E50-8351-35D2F248B380", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.54:*:*:*:*:*:*:*", matchCriteriaId: "46C2BD4D-9817-459E-ACF4-9C95233200A2", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.55:*:*:*:*:*:*:*", matchCriteriaId: "22EE5957-76F3-4B20-ADE7-E72D1300A3F0", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.56:*:*:*:*:*:*:*", matchCriteriaId: "826FA7E4-7F48-4D1C-856C-A965527B0950", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.57:*:*:*:*:*:*:*", matchCriteriaId: "AA54ADC7-2A36-40DA-8219-DAA31509E534", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.58:*:*:*:*:*:*:*", matchCriteriaId: "1A14381E-91A1-4902-B409-1281CFA2D561", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.59:*:*:*:*:*:*:*", matchCriteriaId: "8B33EB10-535F-42F2-8F78-CE128A89447C", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.60:*:*:*:*:*:*:*", matchCriteriaId: "218F9EAF-C260-43EC-99C4-EFACA9A1DA8D", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.61:*:*:*:*:*:*:*", matchCriteriaId: "5966235B-2F1A-45C5-AF65-99FFFE4725DF", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.62:*:*:*:*:*:*:*", matchCriteriaId: "B9942BA6-8947-4742-9A38-2E2F2F5DD341", vulnerable: true, }, { criteria: "cpe:2.3:a:putty:putty:0.63:*:*:*:*:*:*:*", matchCriteriaId: "811276A3-5FB5-4718-94FF-E9B6503B8ABB", vulnerable: true, }, { criteria: "cpe:2.3:a:simon_tatham:putty:0.53:*:*:*:*:*:*:*", matchCriteriaId: "129133D1-B374-4743-9F52-27D0A9558D17", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory.", }, { lang: "es", value: "Las funciones (1) ssh2_load_userkey y (2) ssh2_save_userkey en PuTTY 0.51 hasta 0.63 no limpian correctamente las claves privadas SSH-2 de la memoria, lo que permite a usuarios remotos obtener información sensible mediante la lectura de la memoria.", }, ], id: "CVE-2015-2157", lastModified: "2024-11-21T02:26:53.940", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-03-27T14:59:05.697", references: [ { source: "cve@mitre.org", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151790.html", }, { source: "cve@mitre.org", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151839.html", }, { source: "cve@mitre.org", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151933.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-updates/2015-03/msg00032.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2015/dsa-3190", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2015/02/28/4", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2015/02/28/5", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/72825", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151790.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151839.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151933.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2015-03/msg00032.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2015/dsa-3190", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2015/02/28/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2015/02/28/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/72825", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-04-07 23:59
Modified
2024-11-21 02:48
Severity ?
Summary
Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute arbitrary code via a crafted SCP-SINK file-size response to an SCP download request.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
9bis | kitty | * | |
simon_tatham | putty | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:9bis:kitty:*:*:*:*:*:*:*:*", matchCriteriaId: "479C8AD6-8701-4170-9065-1B4F96CC81F1", versionEndIncluding: "0.66.6.3", vulnerable: true, }, { criteria: "cpe:2.3:a:simon_tatham:putty:*:*:*:*:*:*:*:*", matchCriteriaId: "090C55DB-A0E2-4281-8A96-C8CB7291F6D1", versionEndIncluding: "0.66", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute arbitrary code via a crafted SCP-SINK file-size response to an SCP download request.", }, { lang: "es", value: "Desbordamiento de buffer basado en pila en la utilidad comando-línea de SCP en PuTTY en versiones anteriores a 0.67 y KiTTY 0.66.6.3 y versiones anteriores permite a servidores remotos causar una denegación de servicio (corrupción de memoria de pila) o ejecutar código arbitrario a través de una respuesta de tamño de archivo SCP-SINK a una petición de descarga SCP.", }, ], id: "CVE-2016-2563", lastModified: "2024-11-21T02:48:42.403", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-04-07T23:59:07.657", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-updates/2016-05/msg00131.html", }, { source: "cve@mitre.org", url: "http://seclists.org/fulldisclosure/2016/Mar/22", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-pscp-sink-sscanf.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/84296", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1035257", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-2563", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/201606-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2016-05/msg00131.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://seclists.org/fulldisclosure/2016/Mar/22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-pscp-sink-sscanf.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/84296", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1035257", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-2563", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201606-01", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2013-4206
Vulnerability from cvelistv5
Published
2013-08-19 23:00
Modified
2024-08-06 16:38
Severity ?
EPSS score ?
Summary
Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) and possibly trigger memory corruption or code execution via a crafted DSA signature, which is not properly handled when performing certain bit-shifting operations during modular multiplication.
References
▼ | URL | Tags |
---|---|---|
http://www.openwall.com/lists/oss-security/2013/08/06/11 | mailing-list, x_refsource_MLIST | |
http://secunia.com/advisories/54533 | third-party-advisory, x_refsource_SECUNIA | |
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-modmul.html | x_refsource_CONFIRM | |
http://www.debian.org/security/2013/dsa-2736 | vendor-advisory, x_refsource_DEBIAN | |
http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html | vendor-advisory, x_refsource_SUSE | |
http://secunia.com/advisories/54379 | third-party-advisory, x_refsource_SECUNIA | |
http://svn.tartarus.org/sgt/putty/sshbn.c?sortby=date&r1=9977&r2=9976&pathrev=9977 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:38:01.677Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[oss-security] 20130806 CVE request: three additional flaws fixed in putty 0.63", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2013/08/06/11", }, { name: "54533", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/54533", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-modmul.html", }, { name: "DSA-2736", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2013/dsa-2736", }, { name: "openSUSE-SU-2013:1347", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html", }, { name: "54379", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/54379", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://svn.tartarus.org/sgt/putty/sshbn.c?sortby=date&r1=9977&r2=9976&pathrev=9977", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-08-05T00:00:00", descriptions: [ { lang: "en", value: "Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) and possibly trigger memory corruption or code execution via a crafted DSA signature, which is not properly handled when performing certain bit-shifting operations during modular multiplication.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2013-08-30T09:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "[oss-security] 20130806 CVE request: three additional flaws fixed in putty 0.63", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2013/08/06/11", }, { name: "54533", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/54533", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-modmul.html", }, { name: "DSA-2736", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2013/dsa-2736", }, { name: "openSUSE-SU-2013:1347", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html", }, { name: "54379", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/54379", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://svn.tartarus.org/sgt/putty/sshbn.c?sortby=date&r1=9977&r2=9976&pathrev=9977", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2013-4206", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) and possibly trigger memory corruption or code execution via a crafted DSA signature, which is not properly handled when performing certain bit-shifting operations during modular multiplication.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[oss-security] 20130806 CVE request: three additional flaws fixed in putty 0.63", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2013/08/06/11", }, { name: "54533", refsource: "SECUNIA", url: "http://secunia.com/advisories/54533", }, { name: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-modmul.html", refsource: "CONFIRM", url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-modmul.html", }, { name: "DSA-2736", refsource: "DEBIAN", url: "http://www.debian.org/security/2013/dsa-2736", }, { name: "openSUSE-SU-2013:1347", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html", }, { name: "54379", refsource: "SECUNIA", url: "http://secunia.com/advisories/54379", }, { name: "http://svn.tartarus.org/sgt/putty/sshbn.c?sortby=date&r1=9977&r2=9976&pathrev=9977", refsource: "CONFIRM", url: "http://svn.tartarus.org/sgt/putty/sshbn.c?sortby=date&r1=9977&r2=9976&pathrev=9977", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-4206", datePublished: "2013-08-19T23:00:00", dateReserved: "2013-06-12T00:00:00", dateUpdated: "2024-08-06T16:38:01.677Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-2563
Vulnerability from cvelistv5
Published
2016-04-07 23:00
Modified
2024-08-05 23:32
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute arbitrary code via a crafted SCP-SINK file-size response to an SCP download request.
References
▼ | URL | Tags |
---|---|---|
http://lists.opensuse.org/opensuse-updates/2016-05/msg00131.html | vendor-advisory, x_refsource_SUSE | |
http://www.securitytracker.com/id/1035257 | vdb-entry, x_refsource_SECTRACK | |
https://security.gentoo.org/glsa/201606-01 | vendor-advisory, x_refsource_GENTOO | |
http://www.securityfocus.com/bid/84296 | vdb-entry, x_refsource_BID | |
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-pscp-sink-sscanf.html | x_refsource_CONFIRM | |
https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-2563 | x_refsource_MISC | |
http://seclists.org/fulldisclosure/2016/Mar/22 | mailing-list, x_refsource_FULLDISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:32:20.848Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "openSUSE-SU-2016:1453", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2016-05/msg00131.html", }, { name: "1035257", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035257", }, { name: "GLSA-201606-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201606-01", }, { name: "84296", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/84296", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-pscp-sink-sscanf.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-2563", }, { name: "20160309 CVE-2016-2563 - PuTTY/PSCP <=0.66 buffer overflow - vuln-pscp-sink-sscanf", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2016/Mar/22", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-03-05T00:00:00", descriptions: [ { lang: "en", value: "Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute arbitrary code via a crafted SCP-SINK file-size response to an SCP download request.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-30T18:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "openSUSE-SU-2016:1453", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2016-05/msg00131.html", }, { name: "1035257", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035257", }, { name: "GLSA-201606-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201606-01", }, { name: "84296", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/84296", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-pscp-sink-sscanf.html", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-2563", }, { name: "20160309 CVE-2016-2563 - PuTTY/PSCP <=0.66 buffer overflow - vuln-pscp-sink-sscanf", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2016/Mar/22", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-2563", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute arbitrary code via a crafted SCP-SINK file-size response to an SCP download request.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "openSUSE-SU-2016:1453", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2016-05/msg00131.html", }, { name: "1035257", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035257", }, { name: "GLSA-201606-01", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201606-01", }, { name: "84296", refsource: "BID", url: "http://www.securityfocus.com/bid/84296", }, { name: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-pscp-sink-sscanf.html", refsource: "CONFIRM", url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-pscp-sink-sscanf.html", }, { name: "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-2563", refsource: "MISC", url: "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-2563", }, { name: "20160309 CVE-2016-2563 - PuTTY/PSCP <=0.66 buffer overflow - vuln-pscp-sink-sscanf", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2016/Mar/22", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-2563", datePublished: "2016-04-07T23:00:00", dateReserved: "2016-02-25T00:00:00", dateUpdated: "2024-08-05T23:32:20.848Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-4207
Vulnerability from cvelistv5
Published
2013-08-19 23:00
Modified
2024-08-06 16:38
Severity ?
EPSS score ?
Summary
Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) via an invalid DSA signature that is not properly handled during computation of a modular inverse and triggers the overflow during a division by zero by the bignum functionality, a different vulnerability than CVE-2013-4206.
References
▼ | URL | Tags |
---|---|---|
http://www.openwall.com/lists/oss-security/2013/08/06/11 | mailing-list, x_refsource_MLIST | |
http://secunia.com/advisories/54533 | third-party-advisory, x_refsource_SECUNIA | |
http://www.debian.org/security/2013/dsa-2736 | vendor-advisory, x_refsource_DEBIAN | |
http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html | vendor-advisory, x_refsource_SUSE | |
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-bignum-division-by-zero.html | x_refsource_CONFIRM | |
http://secunia.com/advisories/54379 | third-party-advisory, x_refsource_SECUNIA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:38:01.696Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[oss-security] 20130806 CVE request: three additional flaws fixed in putty 0.63", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2013/08/06/11", }, { name: "54533", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/54533", }, { name: "DSA-2736", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2013/dsa-2736", }, { name: "openSUSE-SU-2013:1347", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-bignum-division-by-zero.html", }, { name: "54379", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/54379", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-08-05T00:00:00", descriptions: [ { lang: "en", value: "Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) via an invalid DSA signature that is not properly handled during computation of a modular inverse and triggers the overflow during a division by zero by the bignum functionality, a different vulnerability than CVE-2013-4206.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2013-08-30T09:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "[oss-security] 20130806 CVE request: three additional flaws fixed in putty 0.63", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2013/08/06/11", }, { name: "54533", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/54533", }, { name: "DSA-2736", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2013/dsa-2736", }, { name: "openSUSE-SU-2013:1347", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-bignum-division-by-zero.html", }, { name: "54379", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/54379", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2013-4207", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) via an invalid DSA signature that is not properly handled during computation of a modular inverse and triggers the overflow during a division by zero by the bignum functionality, a different vulnerability than CVE-2013-4206.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[oss-security] 20130806 CVE request: three additional flaws fixed in putty 0.63", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2013/08/06/11", }, { name: "54533", refsource: "SECUNIA", url: "http://secunia.com/advisories/54533", }, { name: "DSA-2736", refsource: "DEBIAN", url: "http://www.debian.org/security/2013/dsa-2736", }, { name: "openSUSE-SU-2013:1347", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html", }, { name: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-bignum-division-by-zero.html", refsource: "CONFIRM", url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-bignum-division-by-zero.html", }, { name: "54379", refsource: "SECUNIA", url: "http://secunia.com/advisories/54379", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-4207", datePublished: "2013-08-19T23:00:00", dateReserved: "2013-06-12T00:00:00", dateUpdated: "2024-08-06T16:38:01.696Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-4852
Vulnerability from cvelistv5
Published
2013-08-19 23:00
Modified
2024-08-06 16:59
Severity ?
EPSS score ?
Summary
Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/54533 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/54517 | third-party-advisory, x_refsource_SECUNIA | |
http://winscp.net/tracker/show_bug.cgi?id=1017 | x_refsource_MISC | |
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718779 | x_refsource_CONFIRM | |
http://www.search-lab.hu/advisories/secadv-20130722 | x_refsource_MISC | |
http://www.debian.org/security/2013/dsa-2736 | vendor-advisory, x_refsource_DEBIAN | |
http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9896 | x_refsource_MISC | |
http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html | vendor-advisory, x_refsource_SUSE | |
http://secunia.com/advisories/54379 | third-party-advisory, x_refsource_SECUNIA | |
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-signature-stringlen.html | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-updates/2013-08/msg00041.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:59:40.996Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "54533", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/54533", }, { name: "54517", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/54517", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://winscp.net/tracker/show_bug.cgi?id=1017", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718779", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.search-lab.hu/advisories/secadv-20130722", }, { name: "DSA-2736", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2013/dsa-2736", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9896", }, { name: "openSUSE-SU-2013:1347", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html", }, { name: "54379", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/54379", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-signature-stringlen.html", }, { name: "openSUSE-SU-2013:1355", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-08/msg00041.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-08-05T00:00:00", descriptions: [ { lang: "en", value: "Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2013-08-30T09:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "54533", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/54533", }, { name: "54517", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/54517", }, { tags: [ "x_refsource_MISC", ], url: "http://winscp.net/tracker/show_bug.cgi?id=1017", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718779", }, { tags: [ "x_refsource_MISC", ], url: "http://www.search-lab.hu/advisories/secadv-20130722", }, { name: "DSA-2736", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2013/dsa-2736", }, { tags: [ "x_refsource_MISC", ], url: "http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9896", }, { name: "openSUSE-SU-2013:1347", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html", }, { name: "54379", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/54379", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-signature-stringlen.html", }, { name: "openSUSE-SU-2013:1355", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-08/msg00041.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2013-4852", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "54533", refsource: "SECUNIA", url: "http://secunia.com/advisories/54533", }, { name: "54517", refsource: "SECUNIA", url: "http://secunia.com/advisories/54517", }, { name: "http://winscp.net/tracker/show_bug.cgi?id=1017", refsource: "MISC", url: "http://winscp.net/tracker/show_bug.cgi?id=1017", }, { name: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718779", refsource: "CONFIRM", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718779", }, { name: "http://www.search-lab.hu/advisories/secadv-20130722", refsource: "MISC", url: "http://www.search-lab.hu/advisories/secadv-20130722", }, { name: "DSA-2736", refsource: "DEBIAN", url: "http://www.debian.org/security/2013/dsa-2736", }, { name: "http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9896", refsource: "MISC", url: "http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9896", }, { name: "openSUSE-SU-2013:1347", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html", }, { name: "54379", refsource: "SECUNIA", url: "http://secunia.com/advisories/54379", }, { name: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-signature-stringlen.html", refsource: "CONFIRM", url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-signature-stringlen.html", }, { name: "openSUSE-SU-2013:1355", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2013-08/msg00041.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2013-4852", datePublished: "2013-08-19T23:00:00", dateReserved: "2013-07-16T00:00:00", dateUpdated: "2024-08-06T16:59:40.996Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-4208
Vulnerability from cvelistv5
Published
2013-08-19 23:00
Modified
2024-08-06 16:38
Severity ?
EPSS score ?
Summary
The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow local users to discover private RSA and DSA keys.
References
▼ | URL | Tags |
---|---|---|
http://www.openwall.com/lists/oss-security/2013/08/06/11 | mailing-list, x_refsource_MLIST | |
http://secunia.com/advisories/54533 | third-party-advisory, x_refsource_SECUNIA | |
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped.html | x_refsource_CONFIRM | |
http://www.debian.org/security/2013/dsa-2736 | vendor-advisory, x_refsource_DEBIAN | |
http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html | vendor-advisory, x_refsource_SUSE | |
http://secunia.com/advisories/54379 | third-party-advisory, x_refsource_SECUNIA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:38:01.962Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[oss-security] 20130806 CVE request: three additional flaws fixed in putty 0.63", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2013/08/06/11", }, { name: "54533", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/54533", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped.html", }, { name: "DSA-2736", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2013/dsa-2736", }, { name: "openSUSE-SU-2013:1347", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html", }, { name: "54379", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/54379", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-08-05T00:00:00", descriptions: [ { lang: "en", value: "The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow local users to discover private RSA and DSA keys.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2013-08-30T09:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "[oss-security] 20130806 CVE request: three additional flaws fixed in putty 0.63", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2013/08/06/11", }, { name: "54533", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/54533", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped.html", }, { name: "DSA-2736", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2013/dsa-2736", }, { name: "openSUSE-SU-2013:1347", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html", }, { name: "54379", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/54379", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2013-4208", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow local users to discover private RSA and DSA keys.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[oss-security] 20130806 CVE request: three additional flaws fixed in putty 0.63", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2013/08/06/11", }, { name: "54533", refsource: "SECUNIA", url: "http://secunia.com/advisories/54533", }, { name: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped.html", refsource: "CONFIRM", url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped.html", }, { name: "DSA-2736", refsource: "DEBIAN", url: "http://www.debian.org/security/2013/dsa-2736", }, { name: "openSUSE-SU-2013:1347", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html", }, { name: "54379", refsource: "SECUNIA", url: "http://secunia.com/advisories/54379", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-4208", datePublished: "2013-08-19T23:00:00", dateReserved: "2013-06-12T00:00:00", dateUpdated: "2024-08-06T16:38:01.962Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-2157
Vulnerability from cvelistv5
Published
2015-03-27 14:00
Modified
2024-08-06 05:10
Severity ?
EPSS score ?
Summary
The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory.
References
▼ | URL | Tags |
---|---|---|
http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html | x_refsource_CONFIRM | |
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151933.html | vendor-advisory, x_refsource_FEDORA | |
http://www.securityfocus.com/bid/72825 | vdb-entry, x_refsource_BID | |
http://www.debian.org/security/2015/dsa-3190 | vendor-advisory, x_refsource_DEBIAN | |
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151790.html | vendor-advisory, x_refsource_FEDORA | |
http://www.openwall.com/lists/oss-security/2015/02/28/4 | mailing-list, x_refsource_MLIST | |
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2015/02/28/5 | mailing-list, x_refsource_MLIST | |
http://lists.opensuse.org/opensuse-updates/2015-03/msg00032.html | vendor-advisory, x_refsource_SUSE | |
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151839.html | vendor-advisory, x_refsource_FEDORA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T05:10:14.276Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html", }, { name: "FEDORA-2015-3160", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151933.html", }, { name: "72825", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/72825", }, { name: "DSA-3190", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2015/dsa-3190", }, { name: "FEDORA-2015-3070", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151790.html", }, { name: "[oss-security] 20150228 CVE Request: PuTTY fails to clear private key information from memory", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2015/02/28/4", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html", }, { name: "[oss-security] 20150228 Re: CVE Request: PuTTY fails to clear private key information from memory", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2015/02/28/5", }, { name: "openSUSE-SU-2015:0474", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2015-03/msg00032.html", }, { name: "FEDORA-2015-3204", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151839.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-02-28T00:00:00", descriptions: [ { lang: "en", value: "The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-30T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html", }, { name: "FEDORA-2015-3160", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151933.html", }, { name: "72825", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/72825", }, { name: "DSA-3190", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2015/dsa-3190", }, { name: "FEDORA-2015-3070", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151790.html", }, { name: "[oss-security] 20150228 CVE Request: PuTTY fails to clear private key information from memory", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2015/02/28/4", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html", }, { name: "[oss-security] 20150228 Re: CVE Request: PuTTY fails to clear private key information from memory", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2015/02/28/5", }, { name: "openSUSE-SU-2015:0474", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2015-03/msg00032.html", }, { name: "FEDORA-2015-3204", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151839.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-2157", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html", refsource: "CONFIRM", url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html", }, { name: "FEDORA-2015-3160", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151933.html", }, { name: "72825", refsource: "BID", url: "http://www.securityfocus.com/bid/72825", }, { name: "DSA-3190", refsource: "DEBIAN", url: "http://www.debian.org/security/2015/dsa-3190", }, { name: "FEDORA-2015-3070", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151790.html", }, { name: "[oss-security] 20150228 CVE Request: PuTTY fails to clear private key information from memory", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/02/28/4", }, { name: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html", refsource: "CONFIRM", url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html", }, { name: "[oss-security] 20150228 Re: CVE Request: PuTTY fails to clear private key information from memory", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/02/28/5", }, { name: "openSUSE-SU-2015:0474", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2015-03/msg00032.html", }, { name: "FEDORA-2015-3204", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151839.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-2157", datePublished: "2015-03-27T14:00:00", dateReserved: "2015-02-28T00:00:00", dateUpdated: "2024-08-06T05:10:14.276Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-5309
Vulnerability from cvelistv5
Published
2015-12-07 20:00
Modified
2024-08-06 06:41
Severity ?
EPSS score ?
Summary
Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an ECH (erase characters) escape sequence with a large parameter value, which triggers a buffer underflow.
References
▼ | URL | Tags |
---|---|---|
http://www.debian.org/security/2015/dsa-3409 | vendor-advisory, x_refsource_DEBIAN | |
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173021.html | vendor-advisory, x_refsource_FEDORA | |
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173094.html | vendor-advisory, x_refsource_FEDORA | |
http://www.securitytracker.com/id/1034308 | vdb-entry, x_refsource_SECTRACK | |
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201606-01 | vendor-advisory, x_refsource_GENTOO | |
http://lists.opensuse.org/opensuse-updates/2015-11/msg00099.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T06:41:09.521Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "DSA-3409", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2015/dsa-3409", }, { name: "FEDORA-2015-3d17682c15", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173021.html", }, { name: "FEDORA-2015-5ad4a1f151", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173094.html", }, { name: "1034308", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1034308", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html", }, { name: "GLSA-201606-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201606-01", }, { name: "openSUSE-SU-2015:2023", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2015-11/msg00099.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-11-07T00:00:00", descriptions: [ { lang: "en", value: "Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an ECH (erase characters) escape sequence with a large parameter value, which triggers a buffer underflow.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-09-12T09:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "DSA-3409", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2015/dsa-3409", }, { name: "FEDORA-2015-3d17682c15", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173021.html", }, { name: "FEDORA-2015-5ad4a1f151", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173094.html", }, { name: "1034308", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1034308", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html", }, { name: "GLSA-201606-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201606-01", }, { name: "openSUSE-SU-2015:2023", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2015-11/msg00099.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2015-5309", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an ECH (erase characters) escape sequence with a large parameter value, which triggers a buffer underflow.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "DSA-3409", refsource: "DEBIAN", url: "http://www.debian.org/security/2015/dsa-3409", }, { name: "FEDORA-2015-3d17682c15", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173021.html", }, { name: "FEDORA-2015-5ad4a1f151", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173094.html", }, { name: "1034308", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1034308", }, { name: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html", refsource: "CONFIRM", url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html", }, { name: "GLSA-201606-01", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201606-01", }, { name: "openSUSE-SU-2015:2023", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2015-11/msg00099.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-5309", datePublished: "2015-12-07T20:00:00", dateReserved: "2015-07-01T00:00:00", dateUpdated: "2024-08-06T06:41:09.521Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }