This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Putty First view 2016-04-07
Product Putty Last view 2020-06-29
Version 0.66 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:putty:putty

Activity : Overall

Related : CVE

  Date Alert Description
5.9 2020-06-29 CVE-2020-14002

PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client).

7.5 2019-10-01 CVE-2019-17069

PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message.

7.5 2019-10-01 CVE-2019-17068

PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content.

9.8 2019-10-01 CVE-2019-17067

PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same port to steal an incoming connection.

9.8 2019-03-21 CVE-2019-9898

Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71.

7.5 2019-03-21 CVE-2019-9897

Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71.

7.8 2019-03-21 CVE-2019-9896

In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable.

9.8 2019-03-21 CVE-2019-9895

In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding.

7.5 2019-03-21 CVE-2019-9894

A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.

9.8 2017-03-27 CVE-2017-6542

The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overflow.

9.8 2016-04-07 CVE-2016-2563

Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute arbitrary code via a crafted SCP-SINK file-size response to an SCP download request.

CWE : Common Weakness Enumeration

%idName
27% (3) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
27% (3) CWE-20 Improper Input Validation
9% (1) CWE-770 Allocation of Resources Without Limits or Throttling
9% (1) CWE-327 Use of a Broken or Risky Cryptographic Algorithm
9% (1) CWE-320 Key Management Errors
9% (1) CWE-200 Information Exposure
9% (1) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')

Nessus® Vulnerability Scanner

id Description
2017-12-11 Name: The remote Windows host has an SSH client that is affected by a buffer overfl...
File: putty_067.nasl - Type: ACT_GATHER_INFO
2017-07-21 Name: The remote Fedora host is missing a security update.
File: fedora_2017-efdd962fee.nasl - Type: ACT_GATHER_INFO
2017-06-07 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201706-09.nasl - Type: ACT_GATHER_INFO
2017-03-20 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201703-03.nasl - Type: ACT_GATHER_INFO
2017-03-20 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-354.nasl - Type: ACT_GATHER_INFO
2017-03-17 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_9b973e970a9911e7ace7080027ef73ec.nasl - Type: ACT_GATHER_INFO
2016-06-06 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201606-01.nasl - Type: ACT_GATHER_INFO
2016-06-01 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-667.nasl - Type: ACT_GATHER_INFO
2016-03-08 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_7f0fbb30e46211e5a3f3080027ef73ec.nasl - Type: ACT_GATHER_INFO