Latest Putty Vulnerabilities

CVE-2023-48795
Prefix Truncation Attacks in SSH Specification (Terrapin Attack)
pip/paramiko>=2.5.0<3.4.0
go/golang.org/x/crypto<0.17.0
rust/russh<0.40.2
Apple macOS Sonoma<14.4
Openbsd Openssh<9.6
Putty Putty<0.80
and 128 more
CVE-2021-36367
PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a la...
<=0.75
Putty Putty<=0.75
debian/putty<=0.63-10+deb8u1<=0.75-2<=0.63-10
debian/putty<=0.70-6<=0.74-1
CVE-2021-33500
PuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) by telling the PuTTY window to change its title repeatedly at high speed, which results in many SetWi...
Putty Putty<0.75
Microsoft Windows
CVE-2020-14002
PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where ...
Putty Putty>=0.68<=0.73
NetApp OnCommand Unified Manager Core Package
Fedoraproject Fedora=31
Fedoraproject Fedora=32
CVE-2019-17067
PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same port to steal an incoming connection.
Putty Putty<0.73
Microsoft Windows
CVE-2019-17068
PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content.
Putty Putty<0.73
openSUSE Leap=15.0
openSUSE Leap=15.1
CVE-2019-17069
PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message.
Putty Putty<0.73
openSUSE Leap=15.0
openSUSE Leap=15.1
NetApp OnCommand Unified Manager Core Package
CVE-2019-9898
Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71.
debian/putty
Putty Putty<0.71
Fedoraproject Fedora=28
Fedoraproject Fedora=29
Debian Debian Linux=8.0
Debian Debian Linux=9.0
and 2 more
CVE-2019-9896
In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable.
Putty Putty<0.71
Microsoft Windows
openSUSE Backports SLE=15.0
openSUSE Leap=15.0
CVE-2019-9895
In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding.
debian/putty
Putty Putty<0.71
Opengroup Unix
Fedoraproject Fedora=28
Fedoraproject Fedora=29
CVE-2019-9897
Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71.
debian/putty
Putty Putty<0.71
Fedoraproject Fedora=28
Fedoraproject Fedora=29
Debian Debian Linux=8.0
Debian Debian Linux=9.0
and 2 more
CVE-2019-9894
A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.
debian/putty
Putty Putty<0.71
Fedoraproject Fedora=28
Fedoraproject Fedora=29
Debian Debian Linux=8.0
Debian Debian Linux=9.0
and 2 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203