CVE-2013-4207
Last modified
CVE-2013-4207 is a vulnerability of currently unknown severity. Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) via an invalid DSA signature that is not properly handled during computation of a modular inverse and triggers the overflow during a division by zero by the bignum functionality, a different vulnerability than CVE-2013-4206. EPSS estimates a 1.83% chance of exploitation in the next 30 days.
Description
Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) via an invalid DSA signature that is not properly handled during computation of a modular inverse and triggers the overflow during a division by zero by the bignum functionality, a different vulnerability than CVE-2013-4206.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Putty | Putty | 0.45 | — |
| Putty | Putty | 0.46 | — |
| Putty | Putty | 0.47 | — |
| Putty | Putty | 0.48 | — |
| Putty | Putty | 0.49 | — |
| Putty | Putty | 0.50 | — |
| Putty | Putty | 0.51 | — |
| Putty | Putty | 0.52 | — |
| Putty | Putty | 0.53b | — |
| Putty | Putty | 0.54 | — |
| Putty | Putty | 0.55 | — |
| Putty | Putty | 0.56 | — |
| Putty | Putty | 0.57 | — |
| Putty | Putty | 0.58 | — |
| Putty | Putty | 0.59 | — |
| Putty | Putty | 0.60 | — |
| Putty | Putty | 0.61 | — |
| Putty | Putty | 2010-06-01 | R8967 |
| Simon Tatham | Putty | <= 0.62 | — |
| Simon Tatham | Putty | 0.53 | — |
References
- http://secunia.com/advisories/54379 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
