Vulnerabilities > CVE-2019-17069 - Use After Free vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | Putty
| 30 |
| Application | 1 | |
| OS | 2 |
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-2276.NASL description This update for putty to version 0.73 fixes the following issues : Security issues fixed : - CVE-2019-17068: Fixed the insufficient handling of terminal escape sequences, that should delimit the pasted data in bracketed paste mode (boo#1152753). - CVE-2019-17069: Fixed a possible information leak caused by SSH-1 disconnection messages (boo#1152753). last seen 2020-06-01 modified 2020-06-02 plugin id 129704 published 2019-10-08 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129704 title openSUSE Security Update : putty (openSUSE-2019-2276) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-2277.NASL description This update for putty to version 0.73 fixes the following issues : - CVE-2019-17068: Fixed the insufficient handling of terminal escape sequences, that should delimit the pasted data in bracketed paste mode (boo#1152753). - CVE-2019-17069: Fixed a possible information leak caused by SSH-1 disconnection messages (boo#1152753). last seen 2020-06-01 modified 2020-06-02 plugin id 129705 published 2019-10-08 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129705 title openSUSE Security Update : putty (openSUSE-2019-2277)
References
- https://lists.tartarus.org/pipermail/putty-announce/2019/000029.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00020.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00030.html
- https://security.netapp.com/advisory/ntap-20191127-0003/
- https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html