rpm package
opensuse/putty&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/putty&distro=openSUSE%20Tumbleweed
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-31497 | — | | | < 0.81-1.1 | 0.81-1.1 | Apr 15, 2024 | In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by P |
| CVE-2023-48795 | Med | 5.9 | | < 0.80-1.1 | 0.80-1.1 | Dec 18, 2023 | The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end |
| CVE-2019-17068 | — | | | < 0.76-1.2 | 0.76-1.2 | Oct 1, 2019 | PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content. |
| CVE-2019-17069 | — | | | < 0.76-1.2 | 0.76-1.2 | Oct 1, 2019 | PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message. |
| CVE-2017-6542 | Cri | 9.8 | | < 0.76-1.2 | 0.76-1.2 | Mar 27, 2017 | The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which tri |
| CVE-2015-5309 | — | | | < 0.67-1.5 | 0.67-1.5 | Dec 7, 2015 | Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an ECH (erase characters) escape sequence with a large parameter value, which triggers a buffer underflow |
| CVE-2015-2157 | — | | | < 0.67-1.5 | 0.67-1.5 | Mar 27, 2015 | The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory. |
| CVE-2013-4852 | — | | | < 0.67-1.5 | 0.67-1.5 | Aug 19, 2013 | Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key sig |