7 matches found
CVE-2016-2563
The CVE-2016-2563 issue affects PuTTY (pscp) and KiTTY, describing a stack-based buffer overflow in the SCP-SINK handling during SCP downloads. A remote attacker could cause DoS or arbitrary code execution via a crafted SCP-SINK file-size response. Affected: PuTTY older than 0.67 and KiTTY older ...
CVE-2015-2157
PuTTY local memory disclosure vulnerability (CVE-2015-2157) affects PuTTY 0.51–0.63 where SSH-2 private keys are not properly wiped from memory after loading/saving, enabling local attackers to read sensitive key material. Impact is local, with partial confidentiality impact as per NVD metrics; n...
CVE-2013-4852
CVE-2013-4852 describes an integer overflow in PuTTY (0.62 and earlier) and in dependent products (e.g., WinSCP
CVE-2013-4207
PuTTY before 0.63 is affected by CVE-2013-4207 due to a heap-based buffer overflow in sshbn.c (modular arithmetic during DSA signature handling). The overflow can crash a remote SSH server and is triggered by an invalid DSA signature during the bignum division-by-zero path. This is distinct from ...
CVE-2013-4206
PuTTY before 0.63 is affected by CVE-2013-4206 due to a heap-based buffer underflow in modmul (sshbn.c). The vulnerability allows remote SSH servers to cause a denial of service (crash) and possibly memory corruption or code execution via a crafted DSA signature, related to improper handling duri...
CVE-2015-5309
PuTTY before 0.66 contains a memory‑corrupting integer overflow in handling the ECH (erase characters) escape sequence, allowing a remote attacker to cause DoS or potentially execute arbitrary code via a large parameter value. This affects PuTTY’s terminal emulator. Debian advisories (DSA-3409) a...
CVE-2013-4208
CVE-2013-4208 affects PuTTY up to version 0.63 where rsa_verify mishandles sensitive memory and does not free certain structures, potentially exposing private RSA/DSA keys. Several advisories note updates that merge PuTTY fixes into downstream projects (e.g., FileZilla 3.7.3 and Fedora/OpenSUSE a...