CVE-2013-4206

Published: 19/08/2013 Updated: 06/08/2021
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY prior to 0.63 allows remote SSH servers to cause a denial of service (crash) and possibly trigger memory corruption or code execution via a crafted DSA signature, which is not properly handled when performing certain bit-shifting operations during modular multiplication.

Vulnerable Product

simon tatham putty 0.53

putty putty 0.52

putty putty 0.51

putty putty 0.50

putty putty 0.61

putty putty 0.60

putty putty 0.59

putty putty 0.58

putty putty 0.57

putty putty 0.45

putty putty 2010-06-01

simon tatham putty

putty putty 0.55

putty putty 0.53b

putty putty 0.49

putty putty 0.47

putty putty 0.56

putty putty 0.54

putty putty 0.48

putty putty 0.46

Vendor Advisories

Debian Bug report logs - #719070 filezilla: CVE-2013-4206 CVE-2013-4207 CVE-2013-4208 Package: filezilla; Maintainer for filezilla is Adrien Cunin <adri2000@ubuntu.com>; Source for filezilla is src:filezilla (PTS, buildd, popcon) Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 8 Aug 2013 08:39:02 UT ...

Debian Bug report logs - #718779 putty: CVE-2013-4852 Package: putty; Maintainer for putty is Colin Watson <cjwatson@debian.org>; Source for putty is src:putty (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutil.org> Date: Mon, 5 Aug 2013 11:03:02 UTC Severity: grave Tags: security Fixed in versions ...

Several vulnerabilities were discovered in PuTTY, a Telnet/SSH client for X. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-4206: Mark Wooding discovered a heap-corrupting buffer underrun bug in the modmul function which performs modular multiplication. As the modmul function is called duri ...