PT-2013-1464 · Simon Tatham · Putty

Vincent Danen

Published

2013-08-23

Updated

2019-03-21

CVE-2011-4607

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions PuTTY versions 0.59 through 0.61

Description The issue arises during keyboard-interactive authentication when managing user replies. Sensitive process memory is not properly cleared, potentially allowing local users to read login passwords by accessing the process' memory.

Recommendations For versions 0.59 through 0.61, update to a version that properly clears sensitive process memory to prevent potential password exposure.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2011-4607

Affected Products

Putty

PT-2013-1464 · Simon Tatham · Putty

CVE-2011-4607

Weakness Enumeration

Related Identifiers

Affected Products

References · 8