CVE-2013-4208
Summary
| CVE | CVE-2013-4208 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-08-19 23:55:00 UTC |
| Updated | 2019-03-21 17:04:00 UTC |
| Description | The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow local users to discover private RSA and DSA keys. |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Putty | Putty | 0.45 | All | All | All |
| Application | Putty | Putty | 0.46 | All | All | All |
| Application | Putty | Putty | 0.47 | All | All | All |
| Application | Putty | Putty | 0.48 | All | All | All |
| Application | Putty | Putty | 0.49 | All | All | All |
| Application | Putty | Putty | 0.50 | All | All | All |
| Application | Putty | Putty | 0.51 | All | All | All |
| Application | Putty | Putty | 0.52 | All | All | All |
| Application | Putty | Putty | 0.53b | All | All | All |
| Application | Putty | Putty | 0.54 | All | All | All |
| Application | Putty | Putty | 0.55 | All | All | All |
| Application | Putty | Putty | 0.56 | All | All | All |
| Application | Putty | Putty | 0.57 | All | All | All |
| Application | Putty | Putty | 0.58 | All | All | All |
| Application | Putty | Putty | 0.59 | All | All | All |
| Application | Putty | Putty | 0.60 | All | All | All |
| Application | Putty | Putty | 0.61 | All | All | All |
| Application | Simon Tatham | Putty | 0.53 | All | All | All |
| Application | Simon Tatham | Putty | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| PuTTY vulnerability private-key-not-wiped | CONFIRM | www.chiark.greenend.org.uk | |
| Debian -- Security Information -- DSA-2736-1 putty | DEBIAN | www.debian.org | |
| oss-security - CVE request: three additional flaws fixed in putty 0.63 | MLIST | www.openwall.com | |
| About Secunia Research | Flexera | SECUNIA | secunia.com | |
| Security Advisory SA54379 - Debian update for putty - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| openSUSE-SU-2013:1347-1: moderate: filezilla: 3.7.3 version and security | SUSE | lists.opensuse.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.