CVE-2013-4206

NONE EPSS 82.6%
Published Aug 19, 2013 (12y ago) · Modified Jun 16, 2026 (2w ago)

Description

Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) and possibly trigger memory corruption or code execution via a crafted DSA signature, which is not properly handled when performing certain bit-shifting operations during modular multiplication.

Threat Intelligence

EPSS Exploit Probability: 82.6% percentile
Exploit & Patch Status: No Known Exploit; Patch Available

Weaknesses 1

  • CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
    Memory Safety

Affected Products 20

Vendor        Product  Version     Range
putty         putty    0.45        any
putty         putty    0.46        any
putty         putty    0.47        any
putty         putty    0.48        any
putty         putty    0.49        any
putty         putty    0.50        any
putty         putty    0.51        any
putty         putty    0.52        any
putty         putty    0.53b       any
putty         putty    0.54        any
putty         putty    0.55        any
putty         putty    0.56        any
putty         putty    0.57        any
putty         putty    0.58        any
putty         putty    0.59        any
putty         putty    0.60        any
putty         putty    0.61        any
putty         putty    2010-06-01  any
simon_tatham  putty    *           ≤0.62
simon_tatham  putty    0.53        any

References 7

  • lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html
  • secunia.com http://secunia.com/advisories/54379
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/54533
  • svn.tartarus.org http://svn.tartarus.org/sgt/putty/sshbn.c?sortby=date&r1=9977&r2=9976&pathrev=9977
    Patch
  • chiark.greenend.org.uk http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-modmul.html
    Vendor Advisory
  • debian.org http://www.debian.org/security/2013/dsa-2736
  • openwall.com http://www.openwall.com/lists/oss-security/2013/08/06/11

Remediation

  • svn.tartarus.org http://svn.tartarus.org/sgt/putty/sshbn.c?sortby=date&r1=9977&r2=9976&pathrev=9977
    Patch