Vulnerabilities > CVE-2021-33500 - Unspecified vulnerability in Putty
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
PuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) by telling the PuTTY window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. NOTE: the same attack methodology may affect some OS-level GUIs on Linux or other platforms for similar reasons.
Vulnerable Configurations
References
- https://docs.ssh-mitm.at/puttydos.html
- https://docs.ssh-mitm.at/puttydos.html
- https://github.com/ssh-mitm/ssh-mitm-plugins/blob/main/ssh_mitm_plugins/ssh/putty_dos.py
- https://github.com/ssh-mitm/ssh-mitm-plugins/blob/main/ssh_mitm_plugins/ssh/putty_dos.py
- https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
- https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html