Buffer overflow in Putty

CVE-2013-4206

Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) and possibly trigger memory corruption or code execution via a crafted DSA signature, which i…

Vulnerability class: Buffer Overflow

EPSS: 0.011 (78.7th percentile) — read the EPSS interpretation.

Affected products

Putty — versions 0.45, 0.46, 0.47
Simon_tatham Putty — versions 0.53
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

[oss-security] 20130806 CVE request: three additional flaws fixed in putty 0.63 (mailing-list, x_refsource_MLIST)
54533 (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
DSA-2736 (vendor-advisory, x_refsource_DEBIAN)
openSUSE-SU-2013:1347 (vendor-advisory, x_refsource_SUSE)
54379 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Patch)