This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Putty First view 2017-03-27
Product Putty Last view 2020-06-29
Version 0.67 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:putty:putty

Activity : Overall

Related : CVE

  Date Alert Description
5.9 2020-06-29 CVE-2020-14002

PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client).

7.5 2019-10-01 CVE-2019-17069

PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message.

7.5 2019-10-01 CVE-2019-17068

PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content.

9.8 2019-10-01 CVE-2019-17067

PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same port to steal an incoming connection.

9.8 2019-03-21 CVE-2019-9898

Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71.

7.5 2019-03-21 CVE-2019-9897

Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71.

7.8 2019-03-21 CVE-2019-9896

In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable.

9.8 2019-03-21 CVE-2019-9895

In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding.

7.5 2019-03-21 CVE-2019-9894

A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.

9.8 2017-03-27 CVE-2017-6542

The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overflow.

CWE : Common Weakness Enumeration

%idName
30% (3) CWE-20 Improper Input Validation
20% (2) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
10% (1) CWE-770 Allocation of Resources Without Limits or Throttling
10% (1) CWE-327 Use of a Broken or Risky Cryptographic Algorithm
10% (1) CWE-320 Key Management Errors
10% (1) CWE-200 Information Exposure
10% (1) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')

Nessus® Vulnerability Scanner

id Description
2017-07-21 Name: The remote Fedora host is missing a security update.
File: fedora_2017-efdd962fee.nasl - Type: ACT_GATHER_INFO
2017-06-07 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201706-09.nasl - Type: ACT_GATHER_INFO
2017-03-20 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201703-03.nasl - Type: ACT_GATHER_INFO
2017-03-20 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-354.nasl - Type: ACT_GATHER_INFO
2017-03-17 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_9b973e970a9911e7ace7080027ef73ec.nasl - Type: ACT_GATHER_INFO