Vulnerabilities > CVE-2019-17069 - Use After Free vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
putty
opensuse
netapp
CWE-416
nessus

Summary

PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2276.NASL
    descriptionThis update for putty to version 0.73 fixes the following issues : Security issues fixed : - CVE-2019-17068: Fixed the insufficient handling of terminal escape sequences, that should delimit the pasted data in bracketed paste mode (boo#1152753). - CVE-2019-17069: Fixed a possible information leak caused by SSH-1 disconnection messages (boo#1152753).
    last seen2020-06-01
    modified2020-06-02
    plugin id129704
    published2019-10-08
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129704
    titleopenSUSE Security Update : putty (openSUSE-2019-2276)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2277.NASL
    descriptionThis update for putty to version 0.73 fixes the following issues : - CVE-2019-17068: Fixed the insufficient handling of terminal escape sequences, that should delimit the pasted data in bracketed paste mode (boo#1152753). - CVE-2019-17069: Fixed a possible information leak caused by SSH-1 disconnection messages (boo#1152753).
    last seen2020-06-01
    modified2020-06-02
    plugin id129705
    published2019-10-08
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129705
    titleopenSUSE Security Update : putty (openSUSE-2019-2277)