CVE-2013-4206
NONE EPSS 82.6%
Published Aug 19, 2013 12y ago
Last Modified Jun 16, 2026 2w ago
Description
Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) and possibly trigger memory corruption or code execution via a crafted DSA signature, which is not properly handled when performing certain bit-shifting operations during modular multiplication.
Threat Intelligence
EPSS Exploit Probability
82.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer (Memory Safety)
Affected Products 20
| Vendor | Product | Version | Range |
|---|---|---|---|
| putty | putty | 0.45 | any |
| putty | putty | 0.46 | any |
| putty | putty | 0.47 | any |
| putty | putty | 0.48 | any |
| putty | putty | 0.49 | any |
| putty | putty | 0.50 | any |
| putty | putty | 0.51 | any |
| putty | putty | 0.52 | any |
| putty | putty | 0.53b | any |
| putty | putty | 0.54 | any |
| putty | putty | 0.55 | any |
| putty | putty | 0.56 | any |
| putty | putty | 0.57 | any |
| putty | putty | 0.58 | any |
| putty | putty | 0.59 | any |
| putty | putty | 0.60 | any |
| putty | putty | 0.61 | any |
| putty | putty | 2010-06-01 | any |
| simon_tatham | putty | * | ≤0.62 |
| simon_tatham | putty | 0.53 | any |
References 7
- lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html
- secunia.com http://secunia.com/advisories/54379
- secunia.com http://secunia.com/advisories/54533
- svn.tartarus.org http://svn.tartarus.org/sgt/putty/sshbn.c?sortby=date&r1=9977&r2=9976&pathrev=9977
- chiark.greenend.org.uk http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-modmul.html
- debian.org http://www.debian.org/security/2013/dsa-2736
- openwall.com http://www.openwall.com/lists/oss-security/2013/08/06/11
Remediation
- svn.tartarus.org http://svn.tartarus.org/sgt/putty/sshbn.c?sortby=date&r1=9977&r2=9976&pathrev=9977