6.5 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow local users to discover private RSA and DSA keys.
lists.opensuse.org/opensuse-updates/2013-08/msg00035.html
secunia.com/advisories/54379
secunia.com/advisories/54533
www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped.html
www.debian.org/security/2013/dsa-2736
www.openwall.com/lists/oss-security/2013/08/06/11