PT-2015-5636 · Simon Tatham+1 · Putty+1
Patrick Coleman · Published 2015-03-03 · Updated 2024-06-15 · CVE-2015-2157
CVSS v2.0: 2.1 (Low)
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
PuTTY versions 0.51 through 0.63
Description
The issue concerns the ssh2_load_userkey and ssh2_save_userkey functions, which do not properly wipe SSH-2 private keys from memory. This allows local users to obtain sensitive information by reading the memory.
Recommendations
For PuTTY versions 0.51 through 0.63, update to a version that properly handles the wiping of SSH-2 private keys from memory to prevent sensitive information disclosure.
Fix
Information Disclosure
Affected Products
Alt Linux
Putty