Simon Tatham

**Name of the Vulnerable Software and Affected Versions** PuTTY versions 0.72 through 0.83 **Description** A double free issue exists in the RSA KEX (Key Exchange), which is the process used by two parties to establish a shared secret key over an insecure channel. **Recommendations** Update to version 0.84.

**Name of the Vulnerable Software and Affected Versions** PuTTY versions 0.77 through 0.83 **Description** The software uses a copy of the PuTTY icon to indicate trust for TELNET data. However, the trust status is not cleared between the proxy authentication phase and the main session, which may lead to incorrect trust indications. **Recommendations** Update to version 0.84.

**Name of the Vulnerable Software and Affected Versions** PuTTY versions prior to 0.73 **Description** The issue allows attackers to listen on the same port to steal an incoming connection due to improperly opened port-forwarding listening sockets. **Recommendations** For versions prior to 0.73, update to version 0.73 or later to resolve the issue.