CVE-2013-4208

The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow local users to discover private RSA and DSA keys.

Published : 2013-08-19 23:55 Updated : 2019-03-21 17:04

2.1
CVSS Score More info
Score 2.1 / 10
2.1
Vendor Product Version URI
Putty Putty 0.45 cpe:/a:putty:putty:0.45
Putty Putty 0.46 cpe:/a:putty:putty:0.46
Putty Putty 0.47 cpe:/a:putty:putty:0.47
Putty Putty 0.48 cpe:/a:putty:putty:0.48
Putty Putty 0.49 cpe:/a:putty:putty:0.49
Putty Putty 0.50 cpe:/a:putty:putty:0.50
Putty Putty 0.51 cpe:/a:putty:putty:0.51
Putty Putty 0.52 cpe:/a:putty:putty:0.52
Putty Putty 0.53b cpe:/a:putty:putty:0.53b
Putty Putty 0.54 cpe:/a:putty:putty:0.54
Putty Putty 0.55 cpe:/a:putty:putty:0.55
Putty Putty 0.56 cpe:/a:putty:putty:0.56
Putty Putty 0.57 cpe:/a:putty:putty:0.57
Putty Putty 0.58 cpe:/a:putty:putty:0.58
Putty Putty 0.59 cpe:/a:putty:putty:0.59
Putty Putty 0.60 cpe:/a:putty:putty:0.60
Putty Putty 0.61 cpe:/a:putty:putty:0.61
Simon Tatham Putty 0.53 cpe:/a:simon_tatham:putty:0.53
Simon Tatham Putty 0.62 cpe:/a:simon_tatham:putty:0.62
  1. Putty (1) Search CVE
    1. Putty (17) Search CVE
      1. 0.45
      2. 0.46
      3. 0.47
      4. 0.48
      5. 0.49
      6. 0.50
      7. 0.51
      8. 0.52
      9. 0.53b
      10. 0.54
      11. 0.55
      12. 0.56
      13. 0.57
      14. 0.58
      15. 0.59
      16. 0.60
      17. 0.61
  2. Simon Tatham (1) Search CVE
    1. Putty (2) Search CVE
      1. 0.53
      2. 0.62

CWE

ID Name Description Links
CWE-200 Information Exposure An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information. CVE

History of changes

Date Event
2019-03-21 17:04
2013-08-19 23:55

New CVE