CVE-2013-4207

NONE
Published Aug 19, 2013 12y ago
Last Modified Jun 16, 2026 2w ago

Description

Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) via an invalid DSA signature that is not properly handled during computation of a modular inverse and triggers the overflow during a division by zero by the bignum functionality, a different vulnerability than CVE-2013-4206.

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer (Memory Safety)

Affected Products 20

Vendor        Product  Version     Range
putty         putty    0.45        any
putty         putty    0.46        any
putty         putty    0.47        any
putty         putty    0.48        any
putty         putty    0.49        any
putty         putty    0.50        any
putty         putty    0.51        any
putty         putty    0.52        any
putty         putty    0.53b       any
putty         putty    0.54        any
putty         putty    0.55        any
putty         putty    0.56        any
putty         putty    0.57        any
putty         putty    0.58        any
putty         putty    0.59        any
putty         putty    0.60        any
putty         putty    0.61        any
putty         putty    2010-06-01  any
simon_tatham  putty    *           ≤0.62
simon_tatham  putty    0.53        any

References 6

  • lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html
  • secunia.com http://secunia.com/advisories/54379
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/54533
  • chiark.greenend.org.uk http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-bignum-division-by-zero.html
    Vendor Advisory
  • debian.org http://www.debian.org/security/2013/dsa-2736
  • openwall.com http://www.openwall.com/lists/oss-security/2013/08/06/11

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.