Known Vulnerabilities for products from Putty
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Putty".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-36367 | PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response.... | 8.1 - HIGH | 2021-07-09 | 2023-12-24 |
| CVE-2021-33500 | PuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) by telling the PuTTY windo... | 7.5 - HIGH | 2021-05-21 | 2021-05-27 |
| CVE-2020-14002 | PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allow... | 5.9 - MEDIUM | 2020-06-29 | 2023-11-07 |
| CVE-2019-17069 | PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SS... | 7.5 - HIGH | 2019-10-01 | 2022-03-31 |
| CVE-2019-17068 | PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by mal... | 7.5 - HIGH | 2019-10-01 | 2019-11-27 |
| CVE-2019-17067 | PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same... | 9.8 - CRITICAL | 2019-10-01 | 2019-11-27 |
| CVE-2019-9898 | Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. | 9.8 - CRITICAL | 2019-03-21 | 2023-11-07 |
| CVE-2019-9897 | Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71. | 7.5 - HIGH | 2019-03-21 | 2023-11-07 |
| CVE-2019-9896 | In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in th... | 7.8 - HIGH | 2019-03-21 | 2022-04-05 |
| CVE-2019-9895 | In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwardi... | 9.8 - CRITICAL | 2019-03-21 | 2023-11-07 |
| CVE-2019-9894 | A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification. | 7.5 - HIGH | 2019-03-21 | 2023-11-07 |
| CVE-2017-6542 | The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large lengt... | 9.8 - CRITICAL | 2017-03-27 | 2023-11-07 |
| CVE-2016-6167 | Multiple untrusted search path vulnerabilities in Putty beta 0.67 allow local users to execute arbitrary code and conduct DLL... | 7.8 - HIGH | 2017-01-30 | 2022-05-01 |
| CVE-2015-2157 | The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private k... | 2.1 - LOW | 2015-03-27 | 2019-03-21 |
| CVE-2013-4852 | Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers ... | 6.8 - MEDIUM | 2013-08-19 | 2021-08-06 |
| CVE-2013-4208 | The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free cert... | 2.1 - LOW | 2013-08-19 | 2019-03-21 |
| CVE-2013-4207 | Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) via an invalid... | 4.3 - MEDIUM | 2013-08-19 | 2021-08-06 |
| CVE-2013-4206 | Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denia... | 6.8 - MEDIUM | 2013-08-19 | 2021-08-06 |
| CVE-2011-4607 | PuTTY 0.59 through 0.61 does not clear sensitive process memory when managing user replies that occur during keyboard-interac... | 2.1 - LOW | 2013-08-23 | 2019-03-21 |
| CVE-2006-7162 | PuTTY 0.59 and earlier uses weak file permissions for (1) ppk files containing private keys generated by puttygen and (2) ses... | 1.9 - LOW | 2007-03-07 | 2008-09-05 |
Known software with vulnerabilities from Putty
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Putty | Putty | - |