All the vulnerabilites related to tigris - tortoisesvn
Vulnerability from fkie_nvd
Published
2024-04-15 20:15
Modified
2024-11-21 09:13
Severity ?
Summary
In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The required set of signed messages may be publicly readable because they are stored in a public Git service that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-forwarding mechanism. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. After a key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git. A second, independent scenario is that the adversary is an operator of an SSH server to which the victim authenticates (for remote login or file copy), even though this server is not fully trusted by the victim, and the victim uses the same private key for SSH connections to other services operated by other entities. Here, the rogue server operator (who would otherwise have no way to determine the victim's private key) can derive the victim's private key, and then use it for unauthorized access to those other services. If the other services include Git services, then again it may be possible to conduct supply-chain attacks on software maintained in Git. This also affects, for example, FileZilla before 3.67.0, WinSCP before 6.3.3, TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| putty | putty | * | |
| filezilla-project | filezilla_client | * | |
| winscp | winscp | * | |
| tortoisegit | tortoisegit | * | |
| tigris | tortoisesvn | * | |
| fedoraproject | fedora | 38 | |
| fedoraproject | fedora | 39 | |
| fedoraproject | fedora | 40 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:putty:putty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D6294C-4365-4187-8053-35F3AAC5229F",
"versionEndExcluding": "0.81",
"versionStartIncluding": "0.68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:filezilla-project:filezilla_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E9886A-527F-444B-AFB3-33CF777182CC",
"versionEndExcluding": "3.67.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DA80FE9-039E-4BF4-AC16-6E65FFAB22A2",
"versionEndExcluding": "6.3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tortoisegit:tortoisegit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1C171EB-2081-44AC-9017-B3BA3A88B10A",
"versionEndExcluding": "2.15.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26F28A31-E86D-43C1-8043-2B8ECD723AF7",
"versionEndExcluding": "1.14.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
"matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user\u0027s NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The required set of signed messages may be publicly readable because they are stored in a public Git service that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-forwarding mechanism. In other words, an adversary may already have enough signature information to compromise a victim\u0027s private key, even if there is no further use of vulnerable PuTTY versions. After a key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git. A second, independent scenario is that the adversary is an operator of an SSH server to which the victim authenticates (for remote login or file copy), even though this server is not fully trusted by the victim, and the victim uses the same private key for SSH connections to other services operated by other entities. Here, the rogue server operator (who would otherwise have no way to determine the victim\u0027s private key) can derive the victim\u0027s private key, and then use it for unauthorized access to those other services. If the other services include Git services, then again it may be possible to conduct supply-chain attacks on software maintained in Git. This also affects, for example, FileZilla before 3.67.0, WinSCP before 6.3.3, TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6."
},
{
"lang": "es",
"value": "En PuTTY 0.68 a 0.80 antes de 0.81, la generaci\u00f3n nonce ECDSA sesgada permite a un atacante recuperar la clave secreta NIST P-521 de un usuario mediante un ataque r\u00e1pido en aproximadamente 60 firmas. Esto es especialmente importante en un escenario en el que un adversario puede leer mensajes firmados por PuTTY o Pageant. El conjunto requerido de mensajes firmados puede ser legible p\u00fablicamente porque est\u00e1n almacenados en un servicio p\u00fablico Git que admite el uso de SSH para la firma de confirmaci\u00f3n, y Pageant realiz\u00f3 las firmas a trav\u00e9s de un mecanismo de reenv\u00edo de agentes. En otras palabras, es posible que un adversario ya tenga suficiente informaci\u00f3n de firma para comprometer la clave privada de una v\u00edctima, incluso si no se utilizan m\u00e1s versiones vulnerables de PuTTY. Despu\u00e9s de un compromiso clave, un adversario puede realizar ataques a la cadena de suministro del software mantenido en Git. Un segundo escenario independiente es que el adversario sea un operador de un servidor SSH en el que la v\u00edctima se autentica (para inicio de sesi\u00f3n remoto o copia de archivos), aunque la v\u00edctima no conf\u00ede plenamente en este servidor y la v\u00edctima utilice la misma clave privada. para conexiones SSH a otros servicios operados por otras entidades. Aqu\u00ed, el operador del servidor fraudulento (que de otro modo no tendr\u00eda forma de determinar la clave privada de la v\u00edctima) puede obtener la clave privada de la v\u00edctima y luego usarla para acceder no autorizado a esos otros servicios. Si los otros servicios incluyen servicios Git, nuevamente es posible realizar ataques a la cadena de suministro del software mantenido en Git. Esto tambi\u00e9n afecta, por ejemplo, a FileZilla anterior a 3.67.0, WinSCP anterior a 6.3.3, TortoiseGit anterior a 2.15.0.1 y TortoiseSVN hasta 1.14.6."
}
],
"id": "CVE-2024-31497",
"lastModified": "2024-11-21T09:13:38.997",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-15T20:15:11.077",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/15/6"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275183"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1222864"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://docs.ccv.brown.edu/oscar/connecting-to-oscar/ssh/ssh-agent-forwarding/key-generation-and-agent-forwarding-with-putty"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://filezilla-project.org/versions.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://git.tartarus.org/?h=c193fe9848f50a88a4089aac647fecc31ae96d27\u0026p=simon/putty.git"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/advisories/GHSA-6p4c-r453-8743"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/daedalus/BreakingECDSAwithLLL"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00014.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZS3B37GNGWOOV7QU7B7JFK76U4TOP4V/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMHILY2K7HQGQRHOC375KRRG2M6625RD/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PUOTQVGC4DISVHQGSPUYGXO6TLDK65LA/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WFDZBV7ZCAZ6AH3VCQ34SSY7L3J7VZXZ/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMJH7M663BVO3SY6MFAW2FAZWLLXAPRQ/"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://news.ycombinator.com/item?id=40044665"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2024-31497"
},
{
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage"
],
"url": "https://securityonline.info/cve-2024-31497-critical-putty-vulnerability-exposes-private-keys-immediate-action-required/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://tartarus.org/~simon/putty-snapshots/htmldoc/Chapter9.html#pageant-forward"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://tortoisegit.org"
},
{
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage"
],
"url": "https://twitter.com/CCBalert/status/1780229237569470549"
},
{
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage"
],
"url": "https://twitter.com/lambdafu/status/1779969509522133272"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://winscp.net/eng/news.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage"
],
"url": "https://www.bleepingcomputer.com/news/security/putty-ssh-client-flaw-allows-recovery-of-cryptographic-private-keys/"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2024/04/15/6"
},
{
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage"
],
"url": "https://www.reddit.com/r/sysadmin/comments/1c4wmoj/putty_vulnerability_affecting_v068_to_v08/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/15/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275183"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1222864"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://docs.ccv.brown.edu/oscar/connecting-to-oscar/ssh/ssh-agent-forwarding/key-generation-and-agent-forwarding-with-putty"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://filezilla-project.org/versions.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://git.tartarus.org/?h=c193fe9848f50a88a4089aac647fecc31ae96d27\u0026p=simon/putty.git"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/advisories/GHSA-6p4c-r453-8743"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/daedalus/BreakingECDSAwithLLL"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZS3B37GNGWOOV7QU7B7JFK76U4TOP4V/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMHILY2K7HQGQRHOC375KRRG2M6625RD/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PUOTQVGC4DISVHQGSPUYGXO6TLDK65LA/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WFDZBV7ZCAZ6AH3VCQ34SSY7L3J7VZXZ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMJH7M663BVO3SY6MFAW2FAZWLLXAPRQ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://news.ycombinator.com/item?id=40044665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2024-31497"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage"
],
"url": "https://securityonline.info/cve-2024-31497-critical-putty-vulnerability-exposes-private-keys-immediate-action-required/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://tartarus.org/~simon/putty-snapshots/htmldoc/Chapter9.html#pageant-forward"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://tortoisegit.org"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage"
],
"url": "https://twitter.com/CCBalert/status/1780229237569470549"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage"
],
"url": "https://twitter.com/lambdafu/status/1779969509522133272"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://winscp.net/eng/news.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage"
],
"url": "https://www.bleepingcomputer.com/news/security/putty-ssh-client-flaw-allows-recovery-of-cryptographic-private-keys/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2024/04/15/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage"
],
"url": "https://www.reddit.com/r/sysadmin/comments/1c4wmoj/putty_vulnerability_affecting_v068_to_v08/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.vicarius.io/vsociety/posts/understanding-a-critical-vulnerability-in-putty-biased-ecdsa-nonce-generation-revealing-nist-p-521-private-keys-cve-2024-31497"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-338"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-09-10 20:00
Modified
2024-11-21 01:18
Severity ?
Summary
Untrusted search path vulnerability in TortoiseSVN 1.6.10, Build 19898 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Tortoise. NOTE: this is only a vulnerability when a file extension is associated with TortoiseProc or TortoiseMerge, which is not the default.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD2FCFB8-3E8A-4EE5-AC30-433E2B70D4FD",
"versionEndIncluding": "1.6.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69635DDE-3456-4DD5-BE25-446616DE8484",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BA03DE6C-5866-4917-AF11-62F40F965D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "25A7FD43-2E26-466D-B36D-C7624246DEB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EC67FEFA-FAC8-4124-B798-616BA57043F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "30768C46-4499-4B57-8DA8-31A27B653080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F4C75C84-05C5-4BAC-98B8-5F2214133AA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "42D96050-5FEC-4D86-B745-52D4FB2B2FA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F392926-BA33-4059-B4F1-F769610CC690",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A3A448AD-A509-4823-8A29-B241D223DD41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "72BD586F-65DA-4C19-86CC-B501E2E5C7D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D83AAFC6-0057-4819-9369-D29445008EE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F45F59F0-39A7-48ED-8AEE-468CBADAA86D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "46A99DB3-B02D-4CC4-BAA9-1D21A8F8B800",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B014F3FE-1F15-454C-B67C-AD07CF373BAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:0.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "287CD53E-CB7C-408A-9C0F-FF1767F92562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:0.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C418FF1E-F3A2-4106-9BA1-AA1B7057F9CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B7CCE078-5F56-49AB-AA86-61E9B3EF6CC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:0.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CF377BE5-EFC2-40F5-9F80-2E9B1B44F33D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D5ACA-72BD-45D5-B83B-5039053A21B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "110AAA66-8A57-4E71-9E5F-C7E4E7CBEE37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:0.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC605D05-E822-4183-844E-B68C51488D30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:0.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ED464340-B89B-44CA-9662-AC3F10646683",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "CD9C2369-44F7-4261-BDA0-D90575C3A038",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "A652EB0B-7734-4D86-B0FB-F5511BF2C980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "57C6BC0D-AD7C-47CB-A8AC-12BD915D1309",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "D4DB290F-0988-4E0D-9711-E782E26DCA22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "6DC22FAE-B464-4B69-8E39-C516BDD468D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:0.20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "229859B3-354C-436C-BD23-2BC06E039E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:0.20.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7324480C-219A-439F-BEDC-1BEB1CD83F2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "139E614E-16BE-41C9-9EB4-2550E13EC0ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "95AAC20E-744D-4B37-96A6-E43E46136F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "134B3CBC-B293-4257-93BB-49698158D144",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "C761FC81-6CEB-4B9D-BC5B-103D312A5A86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "A2A3BE54-FD93-4DAF-96E3-B655957F1C28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "15395B2B-5F74-4A60-A32C-6D0554749C82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "173FF5BE-3265-47E6-818A-A8F74C6E58D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E51BDC2E-028A-4DA2-ABF2-F556234CCD50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "87CC7415-C392-42C9-8A0F-DEDE34CD7B3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC224E5-CD65-404D-A064-1E415B837DC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FADC775A-7401-454F-9AA7-DB8C397BB82D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B7C3C166-3523-4850-B517-EA07DC39BC83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D608ECAA-FFCD-448D-9A95-20D0A8EE7009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7D00C7AC-2AA5-4EA2-B95B-0086813C4820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "068681A2-EBCF-45AA-824B-04C9DBA7B444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "65861A52-6D51-4DB3-9235-5B3690192D84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6E30FB65-45DC-4019-B1B9-3B8427B5555D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D10FB8A4-7FE8-4820-9844-48E028BF4704",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C14AD483-2520-4818-8F8D-48C62DBC5573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "552A0106-289D-45FF-8241-DE4A8DC29B57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D95650D-A78B-4B21-B419-B2677491972F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A1AC8B47-ABBA-49A5-B145-C8535418CF09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2752F108-8B3A-4207-8DA0-72E0AEEA2788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C0C5541E-CD87-4861-B80E-8A05996F6754",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B092FAEF-4994-4A2B-B2A9-07ED94A8CA63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C898005-FEFB-4A4A-B0BE-6E536E83B943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E2B5784-5245-40B5-A3DA-46ADF41A0B5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D5D5CB3B-6287-4A63-BE96-1CC72CEF76A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7833B6DB-A016-4649-98B0-AB957E1E8030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D740DBBE-EFDC-4582-8E19-E7769DE2FEF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EC7745CA-1A5E-468B-BDBD-978AEC6097D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "536F5529-1704-4201-AD7D-B8CF5250B911",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B319ED3E-BCA3-4FD0-86AE-9515B7B75024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25E43D6D-A0B0-433C-8C0E-113446930F33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7F14ED42-2960-4777-9B90-C0EE47FAA728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8B2D63DF-FD5B-4263-9647-3A4DFC64B7D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CB75992B-8D9B-4492-A647-E2D42A2EC030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "522B6EA0-5CFC-4ECD-94CF-7BF7712F2EF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "68BBDA83-9181-4E18-B4CB-39B3AD755957",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "14A936B6-1B4B-493E-BB53-0DA4E46E5EF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "282EBC98-7577-4F5E-8928-8E71C59E039B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CACA67D4-A404-40DC-8748-B2128AFFFA6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1DB1D669-45C8-461B-A123-75650BBECD12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0D1A2A35-E89E-4EFD-85FD-E1383948B33E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "741376DE-896D-42F3-B896-79236BE0916F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3BEA2D-B7F1-4A0E-BCBB-DE59EAD24CCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C75B0E98-7A14-4852-9CC8-809E8F95445E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "11E31D0B-83A7-4C38-927B-9AC9AC1B20D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "87950014-0B66-426B-9467-D8B1BCDB1B54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.5.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "E1E68345-D94F-4202-AC98-9D16C8714440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.5.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "25C908C0-822F-4C2E-86AC-555EE76789E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BEC5C91B-B2D3-4A4C-B4EB-48C279DE7DF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "EA53988F-46D4-4B80-B0B3-F8DFE09B317D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.5.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3243642C-D9D5-48B0-92D6-75B7EDC42716",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "40E8C652-4041-457D-861F-F34DE9623136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "22560DEC-77BD-43BE-A6FC-20D56006B691",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E2672968-80C7-4CAB-BFC4-A23817288787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "32C77288-8B1C-4234-85FB-981E87BF5B49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4CEFE993-68DD-424B-B1C9-7CF50660324D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "51ABD2A3-42E9-4D25-9A7D-43A0FC3EC4AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B8373E24-3966-4351-B9A9-D55D7D8D1AF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D421BD2C-C5BA-46B8-98DE-85BCD388F8A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "25B3881B-9C61-49EA-ABBD-6467F26EBA8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4AF354A0-19EC-404D-B0FA-1728947966D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4AD4EBBF-DC5A-41F4-BEBF-62687CADE12B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F70DE9F3-C118-4390-AEEF-3209B86C9DE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BEED7ED6-1B3F-40F3-8233-1467800072B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F0B4890-D142-492E-B80E-D8D7F9B0339D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tigris:tortoisesvn:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CCA62F2E-C83D-4ECC-8684-E5FFDE81A4BB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in TortoiseSVN 1.6.10, Build 19898 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Tortoise. NOTE: this is only a vulnerability when a file extension is associated with TortoiseProc or TortoiseMerge, which is not the default."
},
{
"lang": "es",
"value": "Vulnerabilidad ruta de b\u00fasqueda no confiable en TortoiseSVN v1.6.10, Build 19898 y anteriores, permite ejecutar codigo de sue eleccion a usuarios locales, y posiblemente a atacantes remotos tambi\u00e9n llevar a cabo ataques a trav\u00e9s de secuestro de archivo DLL a trav\u00e9s del caballo de troya dwmapi.dll que se encuentra en la misma carpeta que el archivo que est\u00e1 tratando de procesar Tortoise. NOTE: Esta vulnerabilidad se produce cuando una extensi\u00f3n de fichero est\u00e1 asociada con TortoiseProc o TortoiseMerge, lo que no est\u00e1 configurado por defecto."
}
],
"id": "CVE-2010-3199",
"lastModified": "2024-11-21T01:18:15.713",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-09-10T20:00:01.207",
"references": [
{
"source": "cve@mitre.org",
"url": "http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061\u0026dsMessageId=2653163"
},
{
"source": "cve@mitre.org",
"url": "http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061\u0026dsMessageId=2653202\u0026orderBy=createDate\u0026orderType=desc"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/513442/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/513463/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061\u0026dsMessageId=2653163"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061\u0026dsMessageId=2653202\u0026orderBy=createDate\u0026orderType=desc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/513442/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/513463/100/0/threaded"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2024-31497
Vulnerability from cvelistv5
Published
2024-04-15 00:00
Modified
2024-08-19 07:48
Severity ?
EPSS score ?
Summary
In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The required set of signed messages may be publicly readable because they are stored in a public Git service that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-forwarding mechanism. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. After a key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git. A second, independent scenario is that the adversary is an operator of an SSH server to which the victim authenticates (for remote login or file copy), even though this server is not fully trusted by the victim, and the victim uses the same private key for SSH connections to other services operated by other entities. Here, the rogue server operator (who would otherwise have no way to determine the victim's private key) can derive the victim's private key, and then use it for unauthorized access to those other services. If the other services include Git services, then again it may be possible to conduct supply-chain attacks on software maintained in Git. This also affects, for example, FileZilla before 3.67.0, WinSCP before 6.3.3, TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:putty:putty:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "putty",
"vendor": "putty",
"versions": [
{
"lessThan": "0.81",
"status": "affected",
"version": "0.68",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31497",
"options": [
{
"Exploitation": "None"
},
{
"Automatable": "No"
},
{
"Technical Impact": "Partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-19T04:01:10.059065Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:37:17.161Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-19T07:48:01.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://filezilla-project.org/versions.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2024/04/15/6"
},
{
"tags": [
"x_transferred"
],
"url": "https://tartarus.org/~simon/putty-snapshots/htmldoc/Chapter9.html#pageant-forward"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.ccv.brown.edu/oscar/connecting-to-oscar/ssh/ssh-agent-forwarding/key-generation-and-agent-forwarding-with-putty"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=40044665"
},
{
"tags": [
"x_transferred"
],
"url": "https://winscp.net/eng/news.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://tortoisegit.org"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-6p4c-r453-8743"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275183"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1222864"
},
{
"tags": [
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2024-31497"
},
{
"tags": [
"x_transferred"
],
"url": "https://twitter.com/lambdafu/status/1779969509522133272"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.tartarus.org/?h=c193fe9848f50a88a4089aac647fecc31ae96d27\u0026p=simon/putty.git"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.reddit.com/r/sysadmin/comments/1c4wmoj/putty_vulnerability_affecting_v068_to_v08/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/daedalus/BreakingECDSAwithLLL"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.bleepingcomputer.com/news/security/putty-ssh-client-flaw-allows-recovery-of-cryptographic-private-keys/"
},
{
"tags": [
"x_transferred"
],
"url": "https://twitter.com/CCBalert/status/1780229237569470549"
},
{
"tags": [
"x_transferred"
],
"url": "https://securityonline.info/cve-2024-31497-critical-putty-vulnerability-exposes-private-keys-immediate-action-required/"
},
{
"name": "FEDORA-2024-8401d42de6",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMJH7M663BVO3SY6MFAW2FAZWLLXAPRQ/"
},
{
"name": "FEDORA-2024-ff9a2fb31c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMHILY2K7HQGQRHOC375KRRG2M6625RD/"
},
{
"name": "FEDORA-2024-0489e7ba1e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZS3B37GNGWOOV7QU7B7JFK76U4TOP4V/"
},
{
"name": "FEDORA-2024-08a4a5ead8",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WFDZBV7ZCAZ6AH3VCQ34SSY7L3J7VZXZ/"
},
{
"name": "FEDORA-2024-cba85cc558",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PUOTQVGC4DISVHQGSPUYGXO6TLDK65LA/"
},
{
"name": "[oss-security] 20240415 CVE-2024-31497: Secret Key Recovery of NIST P-521 Private Keys Through Biased ECDSA Nonces in PuTTY Client",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/15/6"
},
{
"name": "[debian-lts-announce] 20240620 [SECURITY] [DLA 3839-1] putty security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00014.html"
},
{
"url": "https://www.vicarius.io/vsociety/posts/understanding-a-critical-vulnerability-in-putty-biased-ecdsa-nonce-generation-revealing-nist-p-521-private-keys-cve-2024-31497"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user\u0027s NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The required set of signed messages may be publicly readable because they are stored in a public Git service that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-forwarding mechanism. In other words, an adversary may already have enough signature information to compromise a victim\u0027s private key, even if there is no further use of vulnerable PuTTY versions. After a key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git. A second, independent scenario is that the adversary is an operator of an SSH server to which the victim authenticates (for remote login or file copy), even though this server is not fully trusted by the victim, and the victim uses the same private key for SSH connections to other services operated by other entities. Here, the rogue server operator (who would otherwise have no way to determine the victim\u0027s private key) can derive the victim\u0027s private key, and then use it for unauthorized access to those other services. If the other services include Git services, then again it may be possible to conduct supply-chain attacks on software maintained in Git. This also affects, for example, FileZilla before 3.67.0, WinSCP before 6.3.3, TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T19:05:59.509465",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html"
},
{
"url": "https://filezilla-project.org/versions.php"
},
{
"url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html"
},
{
"url": "https://www.openwall.com/lists/oss-security/2024/04/15/6"
},
{
"url": "https://tartarus.org/~simon/putty-snapshots/htmldoc/Chapter9.html#pageant-forward"
},
{
"url": "https://docs.ccv.brown.edu/oscar/connecting-to-oscar/ssh/ssh-agent-forwarding/key-generation-and-agent-forwarding-with-putty"
},
{
"url": "https://news.ycombinator.com/item?id=40044665"
},
{
"url": "https://winscp.net/eng/news.php"
},
{
"url": "https://tortoisegit.org"
},
{
"url": "https://github.com/advisories/GHSA-6p4c-r453-8743"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275183"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1222864"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2024-31497"
},
{
"url": "https://twitter.com/lambdafu/status/1779969509522133272"
},
{
"url": "https://git.tartarus.org/?h=c193fe9848f50a88a4089aac647fecc31ae96d27\u0026p=simon/putty.git"
},
{
"url": "https://www.reddit.com/r/sysadmin/comments/1c4wmoj/putty_vulnerability_affecting_v068_to_v08/"
},
{
"url": "https://github.com/daedalus/BreakingECDSAwithLLL"
},
{
"url": "https://www.bleepingcomputer.com/news/security/putty-ssh-client-flaw-allows-recovery-of-cryptographic-private-keys/"
},
{
"url": "https://twitter.com/CCBalert/status/1780229237569470549"
},
{
"url": "https://securityonline.info/cve-2024-31497-critical-putty-vulnerability-exposes-private-keys-immediate-action-required/"
},
{
"name": "FEDORA-2024-8401d42de6",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMJH7M663BVO3SY6MFAW2FAZWLLXAPRQ/"
},
{
"name": "FEDORA-2024-ff9a2fb31c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMHILY2K7HQGQRHOC375KRRG2M6625RD/"
},
{
"name": "FEDORA-2024-0489e7ba1e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZS3B37GNGWOOV7QU7B7JFK76U4TOP4V/"
},
{
"name": "FEDORA-2024-08a4a5ead8",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WFDZBV7ZCAZ6AH3VCQ34SSY7L3J7VZXZ/"
},
{
"name": "FEDORA-2024-cba85cc558",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PUOTQVGC4DISVHQGSPUYGXO6TLDK65LA/"
},
{
"name": "[oss-security] 20240415 CVE-2024-31497: Secret Key Recovery of NIST P-521 Private Keys Through Biased ECDSA Nonces in PuTTY Client",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/15/6"
},
{
"name": "[debian-lts-announce] 20240620 [SECURITY] [DLA 3839-1] putty security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00014.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-31497",
"datePublished": "2024-04-15T00:00:00",
"dateReserved": "2024-04-04T00:00:00",
"dateUpdated": "2024-08-19T07:48:01.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3199
Vulnerability from cvelistv5
Published
2010-09-10 19:00
Modified
2024-08-07 03:03
Severity ?
EPSS score ?
Summary
Untrusted search path vulnerability in TortoiseSVN 1.6.10, Build 19898 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Tortoise. NOTE: this is only a vulnerability when a file extension is associated with TortoiseProc or TortoiseMerge, which is not the default.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2653202&orderBy=createDate&orderType=desc | x_refsource_MISC | |
| http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2653163 | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/513442/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/archive/1/513463/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:03:18.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061\u0026dsMessageId=2653202\u0026orderBy=createDate\u0026orderType=desc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061\u0026dsMessageId=2653163"
},
{
"name": "20100831 Tortoise SVN DLL Hijacking Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/513442/100/0/threaded"
},
{
"name": "20100901 Tortoise SVN DLL Hijacking Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/513463/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in TortoiseSVN 1.6.10, Build 19898 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Tortoise. NOTE: this is only a vulnerability when a file extension is associated with TortoiseProc or TortoiseMerge, which is not the default."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061\u0026dsMessageId=2653202\u0026orderBy=createDate\u0026orderType=desc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061\u0026dsMessageId=2653163"
},
{
"name": "20100831 Tortoise SVN DLL Hijacking Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/513442/100/0/threaded"
},
{
"name": "20100901 Tortoise SVN DLL Hijacking Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/513463/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in TortoiseSVN 1.6.10, Build 19898 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Tortoise. NOTE: this is only a vulnerability when a file extension is associated with TortoiseProc or TortoiseMerge, which is not the default."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061\u0026dsMessageId=2653202\u0026orderBy=createDate\u0026orderType=desc",
"refsource": "MISC",
"url": "http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061\u0026dsMessageId=2653202\u0026orderBy=createDate\u0026orderType=desc"
},
{
"name": "http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061\u0026dsMessageId=2653163",
"refsource": "MISC",
"url": "http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061\u0026dsMessageId=2653163"
},
{
"name": "20100831 Tortoise SVN DLL Hijacking Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513442/100/0/threaded"
},
{
"name": "20100901 Tortoise SVN DLL Hijacking Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513463/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3199",
"datePublished": "2010-09-10T19:00:00",
"dateReserved": "2010-08-31T00:00:00",
"dateUpdated": "2024-08-07T03:03:18.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}