CVE-2013-4206
Summary
| CVE | CVE-2013-4206 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-08-19 23:55:00 UTC |
| Updated | 2021-08-06 16:58:00 UTC |
| Description | Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) and possibly trigger memory corruption or code execution via a crafted DSA signature, which is not properly handled when performing certain bit-shifting operations during modular multiplication. |
Risk And Classification
Problem Types: CWE-119
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Putty | Putty | 0.45 | All | All | All |
| Application | Putty | Putty | 0.46 | All | All | All |
| Application | Putty | Putty | 0.47 | All | All | All |
| Application | Putty | Putty | 0.48 | All | All | All |
| Application | Putty | Putty | 0.49 | All | All | All |
| Application | Putty | Putty | 0.50 | All | All | All |
| Application | Putty | Putty | 0.51 | All | All | All |
| Application | Putty | Putty | 0.52 | All | All | All |
| Application | Putty | Putty | 0.53b | All | All | All |
| Application | Putty | Putty | 0.54 | All | All | All |
| Application | Putty | Putty | 0.55 | All | All | All |
| Application | Putty | Putty | 0.56 | All | All | All |
| Application | Putty | Putty | 0.57 | All | All | All |
| Application | Putty | Putty | 0.58 | All | All | All |
| Application | Putty | Putty | 0.59 | All | All | All |
| Application | Putty | Putty | 0.60 | All | All | All |
| Application | Putty | Putty | 0.61 | All | All | All |
| Application | Putty | Putty | 2010-06-01 | r8967 | All | All |
| Application | Putty | Putty | 0.45 | All | All | All |
| Application | Putty | Putty | 0.46 | All | All | All |
| Application | Putty | Putty | 0.47 | All | All | All |
| Application | Putty | Putty | 0.48 | All | All | All |
| Application | Putty | Putty | 0.49 | All | All | All |
| Application | Putty | Putty | 0.50 | All | All | All |
| Application | Putty | Putty | 0.51 | All | All | All |
| Application | Putty | Putty | 0.52 | All | All | All |
| Application | Putty | Putty | 0.53b | All | All | All |
| Application | Putty | Putty | 0.54 | All | All | All |
| Application | Putty | Putty | 0.55 | All | All | All |
| Application | Putty | Putty | 0.56 | All | All | All |
| Application | Putty | Putty | 0.57 | All | All | All |
| Application | Putty | Putty | 0.58 | All | All | All |
| Application | Putty | Putty | 0.59 | All | All | All |
| Application | Putty | Putty | 0.60 | All | All | All |
| Application | Putty | Putty | 0.61 | All | All | All |
| Application | Simon Tatham | Putty | 0.53 | All | All | All |
| Application | Simon Tatham | Putty | 2010-06-01 | r8967 | All | All |
| Application | Simon Tatham | Putty | All | All | All | All |
| Application | Simon Tatham | Putty | 0.53 | All | All | All |
| Application | Simon Tatham | Putty | 2010-06-01 | r8967 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| PuTTY vulnerability vuln-modmul | CONFIRM | www.chiark.greenend.org.uk | Vendor Advisory |
| svn.tartarus.org/sgt/putty/sshbn.c | CONFIRM | svn.tartarus.org | Patch |
| Debian -- Security Information -- DSA-2736-1 putty | DEBIAN | www.debian.org | |
| oss-security - CVE request: three additional flaws fixed in putty 0.63 | MLIST | www.openwall.com | |
| About Secunia Research | Flexera | SECUNIA | secunia.com | |
| Security Advisory SA54379 - Debian update for putty - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| openSUSE-SU-2013:1347-1: moderate: filezilla: 3.7.3 version and security | SUSE | lists.opensuse.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.