CVE-2024-31497

MEDIUM EPSS 92.2%
Published Apr 15, 2024 (2y ago) · Modified Jun 17, 2026 (1w ago)
5.9 CVSS 3.1
Medium

Description

In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The required set of signed messages may be publicly readable because they are stored in a public Git service that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-forwarding mechanism. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. After a key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git. A second, independent scenario is that the adversary is an operator of an SSH server to which the victim authenticates (for remote login or file copy), even though this server is not fully trusted by the victim, and the victim uses the same private key for SSH connections to other services operated by other entities. Here, the rogue server operator (who would otherwise have no way to determine the victim's private key) can derive the victim's private key, and then use it for unauthorized access to those other services. If the other services include Git services, then again it may be possible to conduct supply-chain attacks on software maintained in Git. This also affects, for example, FileZilla before 3.67.0, WinSCP before 6.3.3, TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6.

CVSS Details

Base Score: 5.9
Exploitability: 2.2
Impact: 3.6
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Threat Intelligence

EPSS Exploit Probability: 92.2% percentile
Exploit & Patch Status: No Known Exploit, Patch Available

Weaknesses 1

CWE-338

Affected Products 8

Vendor             Product           Version  Range
putty              putty             *        ≥0.68 – <0.81
filezilla-project  filezilla_client  *        <3.67.0
winscp             winscp            *        <6.3.3
tortoisegit        tortoisegit       *        <2.15.0.1
tigris             tortoisesvn       *        <1.14.6
fedoraproject      fedora            38       any
fedoraproject      fedora            39       any
fedoraproject      fedora            40       any

References 32

  • openwall.com http://www.openwall.com/lists/oss-security/2024/04/15/6
    Mailing List, Third Party Advisory
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2275183
    Issue Tracking
  • bugzilla.suse.com https://bugzilla.suse.com/show_bug.cgi?id=1222864
    Issue Tracking
  • docs.ccv.brown.edu https://docs.ccv.brown.edu/oscar/connecting-to-oscar/ssh/ssh-agent-forwarding/key-generation-and-agent-forwarding-with-putty
    Product
  • filezilla-project.org https://filezilla-project.org/versions.php
    Release Notes
  • git.tartarus.org https://git.tartarus.org/?h=c193fe9848f50a88a4089aac647fecc31ae96d27&p=simon/putty.git
    Mailing List, Patch
  • github.com https://github.com/advisories/GHSA-6p4c-r453-8743
    Third Party Advisory
  • github.com https://github.com/daedalus/BreakingECDSAwithLLL
    Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2024/06/msg00014.html
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZS3B37GNGWOOV7QU7B7JFK76U4TOP4V/
    Mailing List, Third Party Advisory
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMHILY2K7HQGQRHOC375KRRG2M6625RD/
    Mailing List, Third Party Advisory
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PUOTQVGC4DISVHQGSPUYGXO6TLDK65LA/
    Mailing List, Third Party Advisory
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WFDZBV7ZCAZ6AH3VCQ34SSY7L3J7VZXZ/
    Mailing List, Third Party Advisory
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMJH7M663BVO3SY6MFAW2FAZWLLXAPRQ/
    Mailing List, Third Party Advisory
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZS3B37GNGWOOV7QU7B7JFK76U4TOP4V/
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMHILY2K7HQGQRHOC375KRRG2M6625RD/
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUOTQVGC4DISVHQGSPUYGXO6TLDK65LA/
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WMJH7M663BVO3SY6MFAW2FAZWLLXAPRQ/
  • news.ycombinator.com https://news.ycombinator.com/item?id=40044665
    Issue Tracking
  • security-tracker.debian.org https://security-tracker.debian.org/tracker/CVE-2024-31497
    Third Party Advisory
  • securityonline.info https://securityonline.info/cve-2024-31497-critical-putty-vulnerability-exposes-private-keys-immediate-action-required/
    Press/Media Coverage
  • tartarus.org https://tartarus.org/~simon/putty-snapshots/htmldoc/Chapter9.html#pageant-forward
    Product
  • tortoisegit.org https://tortoisegit.org
    Third Party Advisory
  • twitter.com https://twitter.com/CCBalert/status/1780229237569470549
    Press/Media Coverage
  • twitter.com https://twitter.com/lambdafu/status/1779969509522133272
    Press/Media Coverage
  • winscp.net https://winscp.net/eng/news.php
    Third Party Advisory
  • bleepingcomputer.com https://www.bleepingcomputer.com/news/security/putty-ssh-client-flaw-allows-recovery-of-cryptographic-private-keys/
    Press/Media Coverage
  • chiark.greenend.org.uk https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
    Release Notes, Vendor Advisory
  • chiark.greenend.org.uk https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html
    Vendor Advisory
  • openwall.com https://www.openwall.com/lists/oss-security/2024/04/15/6
    Mailing List, Third Party Advisory
  • reddit.com https://www.reddit.com/r/sysadmin/comments/1c4wmoj/putty_vulnerability_affecting_v068_to_v08/
    Press/Media Coverage
  • vicarius.io https://www.vicarius.io/vsociety/posts/understanding-a-critical-vulnerability-in-putty-biased-ecdsa-nonce-generation-revealing-nist-p-521-private-keys-cve-2024-31497

Remediation

  • git.tartarus.org https://git.tartarus.org/?h=c193fe9848f50a88a4089aac647fecc31ae96d27&p=simon/putty.git
    Mailing List, Patch