CVE-2013-4207

Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) via an invalid DSA signature that is not properly handled during computation of a modular inverse and triggers the overflow during a division by zero by the bignum functionality, a different vulnerability than CVE-2013-4206.

Published : 2013-08-19 23:55 Updated : 2019-03-21 17:04

CVSS Score: 4.3 / 10
Vendor Product Version URI
Putty Putty 0.45 cpe:/a:putty:putty:0.45
Putty Putty 0.46 cpe:/a:putty:putty:0.46
Putty Putty 0.47 cpe:/a:putty:putty:0.47
Putty Putty 0.48 cpe:/a:putty:putty:0.48
Putty Putty 0.49 cpe:/a:putty:putty:0.49
Putty Putty 0.50 cpe:/a:putty:putty:0.50
Putty Putty 0.51 cpe:/a:putty:putty:0.51
Putty Putty 0.52 cpe:/a:putty:putty:0.52
Putty Putty 0.53b cpe:/a:putty:putty:0.53b
Putty Putty 0.54 cpe:/a:putty:putty:0.54
Putty Putty 0.55 cpe:/a:putty:putty:0.55
Putty Putty 0.56 cpe:/a:putty:putty:0.56
Putty Putty 0.57 cpe:/a:putty:putty:0.57
Putty Putty 0.58 cpe:/a:putty:putty:0.58
Putty Putty 0.59 cpe:/a:putty:putty:0.59
Putty Putty 0.60 cpe:/a:putty:putty:0.60
Putty Putty 0.61 cpe:/a:putty:putty:0.61
Simon Tatham Putty 0.53 cpe:/a:simon_tatham:putty:0.53
Simon Tatham Putty 2010-06-01 cpe:/a:simon_tatham:putty:2010-06-01:r8967:~~development_snapshot~~~
Simon Tatham Putty 0.62 cpe:/a:simon_tatham:putty:0.62

CWE

ID Name Description Links
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. CVE

History of changes

Date Event
2019-03-21 17:04
2013-08-19 23:55 New CVE