72 matches found

Tenable Nessus
added 2024/04/24 12:0 a.m., 20 views

openSUSE 15 Security Update : putty (openSUSE-SU-2024:0111-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2024:0111-1 advisory. - In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack i...

5.9 CVSS, 7.7 AI score, 0.23269 EPSS
Exploits 0, References 3

SUSE CVE
added 2024/04/15 11:12 p.m., 2 views

SUSE CVE-2024-31497

In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant...

5.9 CVSS, 9 AI score, 0.23269 EPSS
Exploits 0, References 4

OSV
added 2024/04/15 8:15 p.m., 1 views

ALPINE-CVE-2024-31497

In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant...

5.9 CVSS, 6.5 AI score, 0.23269 EPSS
Exploits 0, References 1

OSV
added 2024/04/15 8:15 p.m., 1 views

DEBIAN-CVE-2024-31497

In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant...

5.9 CVSS, 7.3 AI score, 0.23269 EPSS
Exploits 0, References 1

Kaspersky
added 2024/04/15 12:0 a.m., 21 views

KLA65599 OSI vulnerability in PuTTY

Information disclosure vulnerability was found in PuTTY. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories oss-security – CVE-2024-31497: Secret Key Recovery of NIST P-521 Private Keys Through Biased ECDSA Nonces in PuTTY Client Exploitation Publi...

5.9 CVSS, 5.8 AI score, 0.23269 EPSS
Exploits 0, References 3

SUSE CVE
added 2023/02/15 5:36 a.m., 1 views

SUSE CVE-2013-4208

The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow local users to discover private RSA and DSA keys...

2.1 CVSS, 6.6 AI score, 0.00063 EPSS
Exploits 1, References 2

Veracode
added 2021/07/14 11:46 a.m., 5 views

Information Disclosure

PuTTY is vulnerable to information disclosure. It proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt that the attacker can use to...

8.1 CVSS, 6.3 AI score, 0.00135 EPSS
Exploits 0, References 6, Affected Software 1

Veracode
added 2020/09/21 6:40 a.m., 17 views

Authorization Bypass

putty is vulnerable to authorization bypass. The vulnerability exists through the potential recycling of random numbers used in cryptography...

9.8 CVSS, 4.2 AI score, 0.04291 EPSS
Exploits 0, References 13, Affected Software 1

CNVD
added 2020/06/30 12:0 a.m., 1 views

PuTTY Information Disclosure Vulnerability

PuTTY is a suite of free Telnet, Rlogin and SSH client software from Simon Tatham Software Developers. The software is primarily used for remote administration of Linux systems. A security vulnerability exists in PuTTY versions 0.68 through 0.73. An attacker could exploit the vulnerability to...

5.9 CVSS, 9 AI score, 0.00746 EPSS
Exploits 0, References 1

AlpineLinux
added 2020/06/29 12:0 a.m., 32 views

CVE-2020-14002

PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts where no host key for the server has been cached by the client...

5.9 CVSS, 5.8 AI score, 0.00746 EPSS
Exploits 0

CNVD
added 2019/11/18 12:0 a.m., 1 views

Unspecified Vulnerability in PuTTY

PuTTY is a suite of free Telnet, Rlogin and SSH client software from Simon Tatham Software Developers. The software is primarily used for remote administration of Linux systems. A security vulnerability exists in PuTTY versions prior to 0.73. An attacker can exploit this vulnerability to obtain...

9.8 CVSS, 6.5 AI score, 0.00433 EPSS
Exploits 0, References 1

Prion
added 2019/10/01 5:15 p.m., 18 views

Design/Logic Flaw

PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message...

5 CVSS, 7.3 AI score, 0.00474 EPSS
Exploits 0, References 5, Affected Software 2

AlpineLinux
added 2019/10/01 12:0 a.m., 29 views

CVE-2019-17069

PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message...

7.5 CVSS, 7.4 AI score, 0.00474 EPSS
Exploits 0

OSV
added 2019/03/21 4:1 p.m., 1 views

ALPINE-CVE-2019-9897

Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71...

7.5 CVSS, 6.9 AI score, 0.02387 EPSS
Exploits 0, References 1

Cvelist
added 2019/03/21 2:31 a.m., 23 views

CVE-2019-9896

In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable...

7.5 AI score, 0.02157 EPSS
Exploits 0, References 4

OSV
added 2017/03/27 5:59 p.m., 1 views

ALPINE-CVE-2017-6542

The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overfl...

9.8 CVSS, 7.6 AI score, 0.30634 EPSS
Exploits 4, References 1

OSV
added 2016/04/07 11:59 p.m., 4 views

CVE-2016-2563

Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute arbitrary code via a crafted SCP-SINK file-size response to an SCP download request...

9.8 CVSS, 9.7 AI score, 0.26586 EPSS
Exploits 4, References 7

OSV
added 2015/12/07 8:59 p.m., 2 views

CVE-2015-5309

Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an ECH (erase characters) escape sequence with a large parameter value, which triggers a buffer underflow...

8.1 AI score
Exploits 0, References 7

OSV
added 2015/03/27 2:59 p.m., 3 views

CVE-2015-2157

The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory...

5.5 AI score
Exploits 0, References 12

Kaspersky
added 2013/08/23 12:0 a.m., 23 views

KLA11441 OSI vulnerability in PuTTy

A buffer overflow vulnerability was found in PuTTY. Malicious users can exploit this vulnerability locally to obtain sensitive information. Original advisories PuTTY vulnerability password-not-wiped Related products PuTTY CVE list CVE-2011-4607 warning Solution Update to the latest version Downlo...

2.1 CVSS, 6.8 AI score, 0.00056 EPSS
Exploits 0, References 3