Vulnerabilities > Putty > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-03-21 | CVE-2019-9898 | Use of Insufficiently Random Values vulnerability in multiple products Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. | 9.8 |
2019-03-21 | CVE-2019-9895 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding. | 9.8 |
2017-03-27 | CVE-2017-6542 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overflow. | 9.8 |
2005-01-10 | CVE-2004-1008 | Remote SSH2_MSG_DEBUG Buffer Overflow vulnerability in PuTTY Integer signedness error in the ssh2_rdpkt function in PuTTY before 0.56 allows remote attackers to execute arbitrary code via a SSH2_MSG_DEBUG packet with a modified stringlen parameter, which leads to a buffer overflow. | 10.0 |
2002-12-23 | CVE-2002-1360 | Improper Input Validation vulnerability in multiple products Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite. network low complexity cisco fissh intersoft netcomposite pragma-systems putty winscp CWE-20 critical | 10.0 |
2002-12-23 | CVE-2002-1359 | Improper Input Validation vulnerability in multiple products Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite. network low complexity cisco fissh intersoft netcomposite pragma-systems putty winscp CWE-20 critical | 10.0 |
2002-12-23 | CVE-2002-1358 | Improper Input Validation vulnerability in multiple products Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. network low complexity cisco fissh intersoft netcomposite pragma-systems putty winscp CWE-20 critical | 10.0 |
2002-12-23 | CVE-2002-1357 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. network low complexity cisco fissh intersoft netcomposite pragma-systems putty winscp CWE-119 critical | 10.0 |