VDB

GCVE-110-MAGEIA-2013-242

GCVE-110-MAGEIA-2013-242
Advisory Published
Vulnetix · Advisory published August 9, 2013
PuTTY versions 0.62 and earlier - as well as all software that integrates these versions of PuTTY - are vulnerable to an integer overflow leading to heap overflow during the SSH handshake before authentication, caused by improper bounds checking of the length parameter received from the SSH server. This allows remote attackers to cause denial of service, and may have more severe impact on the operation of software that uses PuTTY code (CVE-2013-4852). PuTTY versions 0.62 and earlier - as well as all software that integrates these versions of PuTTY - are vulnerable to a heap-corrupting buffer underrun bug in the modmul function which performs modular multiplication (CVE-2013-4206). PuTTY versions 0.62 and earlier - as well as all software that integrates these versions of PuTTY - are vulnerable to a buffer overflow vulnerability in the calculation of modular inverses when verifying a DSA signature (CVE-2013-4207). PuTTY versions 0.62 and earlier - as well as all software that integrates these versions of PuTTY - are vulnerable to private keys left in memory after being used by PuTTY tools (CVE-2013-4208).

Affected Products

VendorProductVersionsPlatforms
Mageiafilezilla0 (affected), 3.7.3-1.mga2 (unaffected)
Mageiafilezilla0 (affected), 3.7.3-1.mga3 (unaffected)
Mageiaputty0 (affected), 0.63-1.mga3 (unaffected)
Mageiaputty0 (affected), 0.63-1.mga2 (unaffected)

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›