CVE-2015-2157
NONE EPSS 43.6%
Published Mar 27, 2015 (11y ago) · Modified Jun 17, 2026 (2w ago)
Description
The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory.
Threat Intelligence
EPSS Exploit Probability
43.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor (Information Exposure)
Affected Products 19
| Vendor | Product | Version | Range |
|---|---|---|---|
| debian | debian_linux | 7.0 | any |
| fedoraproject | fedora | 20 | any |
| fedoraproject | fedora | 22 | any |
| opensuse | opensuse | 13.1 | any |
| opensuse | opensuse | 13.2 | any |
| putty | putty | 0.51 | any |
| putty | putty | 0.52 | any |
| putty | putty | 0.53b | any |
| putty | putty | 0.54 | any |
| putty | putty | 0.55 | any |
| putty | putty | 0.56 | any |
| putty | putty | 0.57 | any |
| putty | putty | 0.58 | any |
| putty | putty | 0.59 | any |
| putty | putty | 0.60 | any |
| putty | putty | 0.61 | any |
| putty | putty | 0.62 | any |
| putty | putty | 0.63 | any |
| simon_tatham | putty | 0.53 | any |
References 10
- lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151790.html
- lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151839.html
- lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151933.html
- lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2015-03/msg00032.html
- chiark.greenend.org.uk http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
- chiark.greenend.org.uk http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html
- debian.org http://www.debian.org/security/2015/dsa-3190
- openwall.com http://www.openwall.com/lists/oss-security/2015/02/28/4
- openwall.com http://www.openwall.com/lists/oss-security/2015/02/28/5
- securityfocus.com http://www.securityfocus.com/bid/72825
Remediation
- chiark.greenend.org.uk http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
- chiark.greenend.org.uk http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html