Vulnerabilities > CVE-2019-17069 - Use After Free vulnerability in multiple products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

nessus

NVD

Published: 2019-10-01

Updated: 2022-03-31

Summary

PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message.

Vulnerable Configurations

Part	Description	Count
Application	Putty Putty Putty - Putty Putty 0.45 Putty Putty 0.46 Putty Putty 0.47 Putty Putty 0.48 Putty Putty 0.49 Putty Putty 0.50 Putty Putty 0.51 Putty Putty 0.52 Putty Putty 0.53 Putty Putty 0.53B Putty Putty 0.54 Putty Putty 0.55 Putty Putty 0.56 Putty Putty 0.57 Putty Putty 0.58 Putty Putty 0.59 Putty Putty 0.60 Putty Putty 0.61 Putty Putty 0.62 Putty Putty 0.63 Putty Putty 0.65 Putty Putty 0.66 Putty Putty 0.67 Putty Putty 0.68 Putty Putty 0.69 Putty Putty 0.70 Putty Putty 0.71 Putty Putty 0.72	30
Application	Netapp Netapp Oncommand Unified Manager Core Package -	1
OS	Opensuse Opensuse Leap 15.0 Opensuse Leap 15.1	2

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

Nessus

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-2276.NASL
description	This update for putty to version 0.73 fixes the following issues : Security issues fixed : - CVE-2019-17068: Fixed the insufficient handling of terminal escape sequences, that should delimit the pasted data in bracketed paste mode (boo#1152753). - CVE-2019-17069: Fixed a possible information leak caused by SSH-1 disconnection messages (boo#1152753).
last seen	2020-06-01
modified	2020-06-02
plugin id	129704
published	2019-10-08
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/129704
title	openSUSE Security Update : putty (openSUSE-2019-2276)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-2277.NASL
description	This update for putty to version 0.73 fixes the following issues : - CVE-2019-17068: Fixed the insufficient handling of terminal escape sequences, that should delimit the pasted data in bracketed paste mode (boo#1152753). - CVE-2019-17069: Fixed a possible information leak caused by SSH-1 disconnection messages (boo#1152753).
last seen	2020-06-01
modified	2020-06-02
plugin id	129705
published	2019-10-08
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/129705
title	openSUSE Security Update : putty (openSUSE-2019-2277)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References