Buffer overflow in Putty

CVE-2013-4207

Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) via an invalid DSA signature that is not properly handled during computation of a modular inverse and triggers the overflow duri…

Vulnerability class: Buffer Overflow

EPSS: 0.006 (69.3th percentile) — read the EPSS interpretation.

Affected products

Putty — versions 0.45, 0.46, 0.47
Simon_tatham Putty — versions 0.53
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

[oss-security] 20130806 CVE request: three additional flaws fixed in putty 0.63 (mailing-list, x_refsource_MLIST)
54533 (x_refsource_SECUNIA, third-party-advisory)
DSA-2736 (vendor-advisory, x_refsource_DEBIAN)
openSUSE-SU-2013:1347 (vendor-advisory, x_refsource_SUSE)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
54379 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)