CVE-2013-4206
CVE-2013-4206 is a vulnerability of currently unknown severity. Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) and possibly trigger memory corruption or code execution via a crafted DSA signature, which is not properly handled when performing certain bit-shifting operations during modular multiplication. EPSS estimates a 2.48% chance of exploitation in the next 30 days.
Description
Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) and possibly trigger memory corruption or code execution via a crafted DSA signature, which is not properly handled when performing certain bit-shifting operations during modular multiplication.
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Putty | Putty | 0.45 | — |
| Putty | Putty | 0.46 | — |
| Putty | Putty | 0.47 | — |
| Putty | Putty | 0.48 | — |
| Putty | Putty | 0.49 | — |
| Putty | Putty | 0.50 | — |
| Putty | Putty | 0.51 | — |
| Putty | Putty | 0.52 | — |
| Putty | Putty | 0.53b | — |
| Putty | Putty | 0.54 | — |
| Putty | Putty | 0.55 | — |
| Putty | Putty | 0.56 | — |
| Putty | Putty | 0.57 | — |
| Putty | Putty | 0.58 | — |
| Putty | Putty | 0.59 | — |
| Putty | Putty | 0.60 | — |
| Putty | Putty | 0.61 | — |
| Putty | Putty | 2010-06-01 | R8967 |
| Simon Tatham | Putty | <= 0.62 | — |
| Simon Tatham | Putty | 0.53 | — |
References
- http://secunia.com/advisories/54379 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
