CVE-2021-33500
CVE-2021-33500 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. PuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) by telling the PuTTY window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. NOTE: the same attack methodology may affect some OS-level GUIs on Linux or other platforms for similar reasons. EPSS estimates a 1.97% chance of exploitation in the next 30 days.
Description
PuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) by telling the PuTTY window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. NOTE: the same attack methodology may affect some OS-level GUIs on Linux or other platforms for similar reasons.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| PuTTY | PuTTY | < 0.75 |
References
- https://docs.ssh-mitm.at/puttydos.html (Exploit, Third Party Advisory)
- https://github.com/ssh-mitm/ssh-mitm-plugins/blob/main/ssh_mitm_plugins/ssh/putty_dos.py (Exploit, Third Party Advisory)
- https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html (Release Notes, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
