CVE-2013-4206

Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) and possibly trigger memory corruption or code execution via a crafted DSA signature, which is not properly handled when performing certain bit-shifting operations during modular multiplication.

Published: 2013-08-19 23:55
Updated: 2019-03-21 17:04

CVSS Score: 6.8 / 10

| Vendor | Product | Version | URI |
|---|---|---|---|
| Simon Tatham | Putty | 0.53 | `cpe:/a:simon_tatham:putty:0.53` |
| Simon Tatham | Putty | 2010-06-01 | `cpe:/a:simon_tatham:putty:2010-06-01:r8967:~~development_snapshot~~~` |
| Simon Tatham | Putty | 0.62 | `cpe:/a:simon_tatham:putty:0.62` |
| Putty | Putty | 0.45 | `cpe:/a:putty:putty:0.45` |
| Putty | Putty | 0.46 | `cpe:/a:putty:putty:0.46` |
| Putty | Putty | 0.47 | `cpe:/a:putty:putty:0.47` |
| Putty | Putty | 0.48 | `cpe:/a:putty:putty:0.48` |
| Putty | Putty | 0.49 | `cpe:/a:putty:putty:0.49` |
| Putty | Putty | 0.50 | `cpe:/a:putty:putty:0.50` |
| Putty | Putty | 0.51 | `cpe:/a:putty:putty:0.51` |
| Putty | Putty | 0.52 | `cpe:/a:putty:putty:0.52` |
| Putty | Putty | 0.53b | `cpe:/a:putty:putty:0.53b` |
| Putty | Putty | 0.54 | `cpe:/a:putty:putty:0.54` |
| Putty | Putty | 0.55 | `cpe:/a:putty:putty:0.55` |
| Putty | Putty | 0.56 | `cpe:/a:putty:putty:0.56` |
| Putty | Putty | 0.57 | `cpe:/a:putty:putty:0.57` |
| Putty | Putty | 0.58 | `cpe:/a:putty:putty:0.58` |
| Putty | Putty | 0.59 | `cpe:/a:putty:putty:0.59` |
| Putty | Putty | 0.60 | `cpe:/a:putty:putty:0.60` |
| Putty | Putty | 0.61 | `cpe:/a:putty:putty:0.61` |

CWE

| ID | Name | Description |
|---|---|---|
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. |

History of changes

| Date | Event |
|---|---|
| 2019-03-21 17:04 | |
| 2013-08-19 23:55 | New CVE |