CVE-2019-17067

PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same port to steal an incoming connection.

Published : 2019-10-01 17:15 Updated : 2019-10-08 18:04

7.5
CVSS Score More info
Score 7.5 / 10
7.5
Vendor Product Version URI
Putty Putty - cpe:/a:putty:putty:-
Putty Putty 0.45 cpe:/a:putty:putty:0.45
Putty Putty 0.46 cpe:/a:putty:putty:0.46
Putty Putty 0.47 cpe:/a:putty:putty:0.47
Putty Putty 0.48 cpe:/a:putty:putty:0.48
Putty Putty 0.49 cpe:/a:putty:putty:0.49
Putty Putty 0.50 cpe:/a:putty:putty:0.50
Putty Putty 0.51 cpe:/a:putty:putty:0.51
Putty Putty 0.52 cpe:/a:putty:putty:0.52
Putty Putty 0.53 cpe:/a:putty:putty:0.53
Putty Putty 0.53b cpe:/a:putty:putty:0.53b
Putty Putty 0.54 cpe:/a:putty:putty:0.54
Putty Putty 0.55 cpe:/a:putty:putty:0.55
Putty Putty 0.56 cpe:/a:putty:putty:0.56
Putty Putty 0.57 cpe:/a:putty:putty:0.57
Putty Putty 0.58 cpe:/a:putty:putty:0.58
Putty Putty 0.59 cpe:/a:putty:putty:0.59
Putty Putty 0.60 cpe:/a:putty:putty:0.60
Putty Putty 0.61 cpe:/a:putty:putty:0.61
Putty Putty 0.62 cpe:/a:putty:putty:0.62
Putty Putty 0.63 cpe:/a:putty:putty:0.63
Putty Putty 0.65 cpe:/a:putty:putty:0.65
Putty Putty 0.66 cpe:/a:putty:putty:0.66
Putty Putty 0.67 cpe:/a:putty:putty:0.67
Putty Putty 0.68 cpe:/a:putty:putty:0.68
Putty Putty 0.69 cpe:/a:putty:putty:0.69
Putty Putty 0.70 cpe:/a:putty:putty:0.70
Putty Putty 0.71 cpe:/a:putty:putty:0.71
  1. Putty (1) Search CVE
    1. Putty (28) Search CVE
      1. -
      2. 0.45
      3. 0.46
      4. 0.47
      5. 0.48
      6. 0.49
      7. 0.50
      8. 0.51
      9. 0.52
      10. 0.53
      11. 0.53b
      12. 0.54
      13. 0.55
      14. 0.56
      15. 0.57
      16. 0.58
      17. 0.59
      18. 0.60
      19. 0.61
      20. 0.62
      21. 0.63
      22. 0.65
      23. 0.66
      24. 0.67
      25. 0.68
      26. 0.69
      27. 0.70
      28. 0.71

CWE

ID Name Description Links
CWE-770 Allocation of Resources Without Limits or Throttling The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on how many resources can be allocated, in violation of the intended security policy for that actor. CVE

History of changes

Date Event
2019-10-08 18:04
2019-10-01 18:00

New CVE