rpm package
opensuse/putty&distro=openSUSE Leap 15.5
pkg:rpm/opensuse/putty&distro=openSUSE%20Leap%2015.5
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-31497 | — | < 0.81-bp155.2.6.1 | 0.81-bp155.2.6.1 | Apr 15, 2024 | In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by P | ||
| CVE-2023-48795 | Med | 5.9 | < 0.80-bp155.2.3.1 | 0.80-bp155.2.3.1 | Dec 18, 2023 | The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end |
- CVE-2024-31497Apr 15, 2024affected < 0.81-bp155.2.6.1fixed 0.81-bp155.2.6.1
In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by P
- affected < 0.80-bp155.2.3.1fixed 0.80-bp155.2.3.1
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end