CVE-2004-1440

Name of the Vulnerable Software and Affected Versions: PuTTY versions prior to 0.55

Description: The issue is related to multiple heap-based buffer overflows in the modpow function. This allows remote attackers to execute arbitrary code via an SSH2 packet with a base argument that is larger than the mod argument, causing the modpow function to write memory before the beginning of its buffer. Additionally, remote malicious servers can cause a denial of service (client crash) and possibly execute arbitrary code via a large bignum during authentication.

Recommendations: For versions prior to 0.55, update to version 0.55 or later to resolve the issue. As a temporary workaround, consider restricting access to SSH2 packets with large base arguments to minimize the risk of exploitation.