Vulnerabilities > Putty > Putty > 0.53b
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-21 | CVE-2019-9894 | Key Management Errors vulnerability in multiple products A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification. | 7.5 |
| 2017-03-27 | CVE-2017-6542 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overflow. | 9.8 |
| 2015-03-27 | CVE-2015-2157 | Information Exposure vulnerability in multiple products The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory. | 2.1 |
| 2013-08-19 | CVE-2013-4852 | Numeric Errors vulnerability in multiple products Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow. | 6.8 |
| 2013-08-19 | CVE-2013-4208 | Information Exposure vulnerability in multiple products The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow local users to discover private RSA and DSA keys. | 2.1 |
| 2013-08-19 | CVE-2013-4207 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) via an invalid DSA signature that is not properly handled during computation of a modular inverse and triggers the overflow during a division by zero by the bignum functionality, a different vulnerability than CVE-2013-4206. | 4.3 |
| 2013-08-19 | CVE-2013-4206 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) and possibly trigger memory corruption or code execution via a crafted DSA signature, which is not properly handled when performing certain bit-shifting operations during modular multiplication. | 6.8 |
| 2007-03-07 | CVE-2006-7162 | Information Disclosure vulnerability in PUTTY PuTTY 0.59 and earlier uses weak file permissions for (1) ppk files containing private keys generated by puttygen and (2) session logs created by putty, which allows local users to gain sensitive information by reading these files. local putty | 1.9 |
| 2005-02-21 | CVE-2005-0467 | Remote Security vulnerability in PUTTY Multiple integer overflows in the (1) sftp_pkt_getstring and (2) fxp_readdir_recv functions in the PSFTP and PSCP clients for PuTTY 0.56, and possibly earlier versions, allow remote malicious web sites to execute arbitrary code via SFTP responses that corrupt the heap after insufficient memory has been allocated. | 7.5 |
| 2005-01-10 | CVE-2004-1008 | Remote SSH2_MSG_DEBUG Buffer Overflow vulnerability in PuTTY Integer signedness error in the ssh2_rdpkt function in PuTTY before 0.56 allows remote attackers to execute arbitrary code via a SSH2_MSG_DEBUG packet with a modified stringlen parameter, which leads to a buffer overflow. | 10.0 |