This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Putty First view 2015-03-27
Product Putty Last view 2020-06-29
Version 0.63 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:putty:putty

Activity : Overall

Related : CVE

  Date Alert Description
5.9 2020-06-29 CVE-2020-14002

PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client).

7.5 2019-10-01 CVE-2019-17069

PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message.

7.5 2019-10-01 CVE-2019-17068

PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content.

9.8 2019-10-01 CVE-2019-17067

PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same port to steal an incoming connection.

9.8 2019-03-21 CVE-2019-9898

Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71.

7.5 2019-03-21 CVE-2019-9897

Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71.

7.8 2019-03-21 CVE-2019-9896

In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable.

9.8 2019-03-21 CVE-2019-9895

In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding.

7.5 2019-03-21 CVE-2019-9894

A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.

9.8 2017-03-27 CVE-2017-6542

The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overflow.

9.8 2016-04-07 CVE-2016-2563

Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute arbitrary code via a crafted SCP-SINK file-size response to an SCP download request.

4.3 2015-12-07 CVE-2015-5309

Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an ECH (erase characters) escape sequence with a large parameter value, which triggers a buffer underflow.

2.1 2015-03-27 CVE-2015-2157

The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory.

CWE : Common Weakness Enumeration

%idName
23% (3) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
23% (3) CWE-20 Improper Input Validation
15% (2) CWE-200 Information Exposure
7% (1) CWE-770 Allocation of Resources Without Limits or Throttling
7% (1) CWE-327 Use of a Broken or Risky Cryptographic Algorithm
7% (1) CWE-320 Key Management Errors
7% (1) CWE-189 Numeric Errors
7% (1) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')

Nessus® Vulnerability Scanner

id Description
2017-12-11 Name: The remote Windows host has an SSH client that is affected by a buffer overfl...
File: putty_067.nasl - Type: ACT_GATHER_INFO
2017-07-21 Name: The remote Fedora host is missing a security update.
File: fedora_2017-efdd962fee.nasl - Type: ACT_GATHER_INFO
2017-06-07 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201706-09.nasl - Type: ACT_GATHER_INFO
2017-03-20 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-354.nasl - Type: ACT_GATHER_INFO
2017-03-20 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201703-03.nasl - Type: ACT_GATHER_INFO
2017-03-17 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_9b973e970a9911e7ace7080027ef73ec.nasl - Type: ACT_GATHER_INFO
2016-06-06 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201606-01.nasl - Type: ACT_GATHER_INFO
2016-06-01 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-667.nasl - Type: ACT_GATHER_INFO
2016-03-08 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_7f0fbb30e46211e5a3f3080027ef73ec.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote Fedora host is missing a security update.
File: fedora_2015-5ad4a1f151.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote Fedora host is missing a security update.
File: fedora_2015-3d17682c15.nasl - Type: ACT_GATHER_INFO
2015-12-02 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3409.nasl - Type: ACT_GATHER_INFO
2015-11-30 Name: The remote Debian host is missing a security update.
File: debian_DLA-347.nasl - Type: ACT_GATHER_INFO
2015-11-19 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2015-766.nasl - Type: ACT_GATHER_INFO
2015-11-10 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_0cb0afd986b811e5bf60080027ef73ec.nasl - Type: ACT_GATHER_INFO
2015-03-26 Name: The remote Debian host is missing a security update.
File: debian_DLA-173.nasl - Type: ACT_GATHER_INFO
2015-03-17 Name: The remote Fedora host is missing a security update.
File: fedora_2015-3204.nasl - Type: ACT_GATHER_INFO
2015-03-17 Name: The remote Fedora host is missing a security update.
File: fedora_2015-3160.nasl - Type: ACT_GATHER_INFO
2015-03-17 Name: The remote Fedora host is missing a security update.
File: fedora_2015-3070.nasl - Type: ACT_GATHER_INFO
2015-03-17 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3190.nasl - Type: ACT_GATHER_INFO
2015-03-12 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2015-218.nasl - Type: ACT_GATHER_INFO
2015-03-06 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_92fc2e2bc38311e48ef7080027ef73ec.nasl - Type: ACT_GATHER_INFO
2015-03-06 Name: The remote Windows host has an SSH client that is affected by multiple inform...
File: putty_064.nasl - Type: ACT_GATHER_INFO