Vulnerabilities > Putty > Putty

DATE CVE VULNERABILITY TITLE RISK
2023-12-18 CVE-2023-48795 Improper Validation of Integrity Check Value vulnerability in multiple products
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack.
5.9
2021-07-09 CVE-2021-36367 Insufficient Verification of Data Authenticity vulnerability in Putty
PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response.
network
low complexity
putty CWE-345
8.1
2021-05-21 CVE-2021-33500 Unspecified vulnerability in Putty
PuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) by telling the PuTTY window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls.
network
low complexity
putty
5.0
2020-06-29 CVE-2020-14002 Information Exposure Through Discrepancy vulnerability in multiple products
PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation.
network
high complexity
putty netapp fedoraproject CWE-203
5.9
2019-10-01 CVE-2019-17069 Use After Free vulnerability in multiple products
PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message.
network
low complexity
putty opensuse netapp CWE-416
5.0
2019-10-01 CVE-2019-17068 Injection vulnerability in multiple products
PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content.
network
low complexity
putty opensuse CWE-74
5.0
2019-10-01 CVE-2019-17067 Allocation of Resources Without Limits or Throttling vulnerability in Putty
PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same port to steal an incoming connection.
network
low complexity
putty CWE-770
7.5
2019-03-21 CVE-2019-9898 Use of Insufficiently Random Values vulnerability in multiple products
Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71.
network
low complexity
putty fedoraproject debian opensuse netapp CWE-330
critical
9.8
2019-03-21 CVE-2019-9897 Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71.
network
low complexity
putty fedoraproject debian netapp opensuse
7.5
2019-03-21 CVE-2019-9896 Uncontrolled Search Path Element vulnerability in multiple products
In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable.
local
low complexity
putty opensuse CWE-427
4.6