Vulnerabilities > Putty

DATE CVE VULNERABILITY TITLE RISK
2019-03-21 CVE-2019-9895 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding.
network
low complexity
putty fedoraproject CWE-119
critical
9.8
2019-03-21 CVE-2019-9894 Key Management Errors vulnerability in multiple products
A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.
network
low complexity
putty fedoraproject debian netapp opensuse CWE-320
7.5
2017-03-27 CVE-2017-6542 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overflow.
network
low complexity
putty opensuse-project opensuse CWE-119
critical
9.8
2017-01-30 CVE-2016-6167 Untrusted Search Path vulnerability in Putty 0.67
Multiple untrusted search path vulnerabilities in Putty beta 0.67 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) UxTheme.dll or (2) ntmarta.dll file in the current working directory.
local
putty CWE-426
4.4
2015-03-27 CVE-2015-2157 Information Exposure vulnerability in multiple products
The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory.
2.1
2013-08-23 CVE-2011-4607 Buffer Errors vulnerability in Putty 0.59/0.60/0.61
PuTTY 0.59 through 0.61 does not clear sensitive process memory when managing user replies that occur during keyboard-interactive authentication, which might allow local users to read login passwords by obtaining access to the process' memory.
local
low complexity
putty CWE-119
2.1
2013-08-19 CVE-2013-4852 Numeric Errors vulnerability in multiple products
Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.
6.8
2013-08-19 CVE-2013-4208 Information Exposure vulnerability in multiple products
The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow local users to discover private RSA and DSA keys.
local
low complexity
putty simon-tatham CWE-200
2.1
2013-08-19 CVE-2013-4207 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) via an invalid DSA signature that is not properly handled during computation of a modular inverse and triggers the overflow during a division by zero by the bignum functionality, a different vulnerability than CVE-2013-4206.
4.3
2013-08-19 CVE-2013-4206 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) and possibly trigger memory corruption or code execution via a crafted DSA signature, which is not properly handled when performing certain bit-shifting operations during modular multiplication.
6.8