PT-2013-4897 · Simon Tatham · Putty

Mark Wooding · Published 2013-08-09 · Updated 2024-06-15 · CVE-2013-4206

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: PuTTY versions prior to 0.63

Description: A heap-based buffer underflow issue exists in the modmul function in sshbn.c, which can be triggered by remote SSH servers sending a crafted DSA signature. This can cause a denial of service (crash) and potentially lead to memory corruption or code execution due to improper handling of certain bit-shifting operations during modular multiplication.

Recommendations: For versions prior to 0.63, update to version 0.63 or later to resolve the issue.

Fix · DoS · Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2013-4206
DSA-2736-1
MGASA-2013-0242
OPENSUSE-SU-2024:10399-1

Affected Products

Putty