VDB
CVE-2019-17067
CVE-2019-17067
PUBLISHED
PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same port to steal an incoming connection.
EPSS 0.43% · 63.1th percentile
Risk Scores
EPSS Score
0.43%
63.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | putty | 0.67-1, 0, 0.65-2 |
| Ubuntu:24.04:LTS | putty | 0, 0.78-3, 0.80-1 |
| Ubuntu:25.10 | putty | 0.83-2, 0, 0.83-3 |
| Ubuntu:22.04:LTS | putty | 0, 0.76-1, 0.76-2 |
| Ubuntu:18.04:LTS | putty | 0.70-4, 0.70-3, 0.70-2 |
| Ubuntu:20.04:LTS | putty | 0.72-1, 0, 0.73-1 |
Timeline
- Oct 1, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 25, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 27, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 2, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-17067 third-party-advisory
- https://lists.tartarus.org/pipermail/putty-announce/2019/000029.html third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-17067 third-party-advisory