Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
2.1
CVSSv2

CVE-2013-4208

Published: 19/08/2013 Updated: 21/03/2019
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Putty

Vulnerability Summary

The rsa_verify function in PuTTY prior to 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow local users to discover private RSA and DSA keys.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

putty putty 0.54

putty putty 0.53b

simon tatham putty 0.53

putty putty 0.52

putty putty 0.61

simon tatham putty

putty putty 0.60

putty putty 0.59

putty putty 0.47

putty putty 0.46

putty putty 0.45

putty putty 0.57

putty putty 0.55

putty putty 0.51

putty putty 0.49

putty putty 0.58

putty putty 0.56

putty putty 0.50

putty putty 0.48

Vendor Advisories

Debian CVElist Bug Report Logs: filezilla: CVE-2013-4206 CVE-2013-4207 CVE-2013-4208
Debian Bug report logs - #719070 filezilla: CVE-2013-4206 CVE-2013-4207 CVE-2013-4208 Package: filezilla; Maintainer for filezilla is Adrien Cunin <adri2000@ubuntucom>; Source for filezilla is src:filezilla (PTS, buildd, popcon) Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 8 Aug 2013 08:39:02 UT ...
Debian CVElist Bug Report Logs: putty: CVE-2013-4852
Debian Bug report logs - #718779 putty: CVE-2013-4852 Package: putty; Maintainer for putty is Colin Watson <cjwatson@debianorg>; Source for putty is src:putty (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Mon, 5 Aug 2013 11:03:02 UTC Severity: grave Tags: security Fixed in versions ...
Debian Security Advisories: DSA-2736-1 putty -- several vulnerabilities
Several vulnerabilities where discovered in PuTTY, a Telnet/SSH client for X The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-4206 Mark Wooding discovered a heap-corrupting buffer underrun bug in the modmul function which performs modular multiplication As the modmul function is called duri ...

References

CWE-200http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped.htmlhttp://www.debian.org/security/2013/dsa-2736http://www.openwall.com/lists/oss-security/2013/08/06/11http://secunia.com/advisories/54379http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.htmlhttp://secunia.com/advisories/54533https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719070https://www.debian.org/security/./dsa-2736
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
validationCVE-2024-34413CVE-2024-34089CVE-2024-33408localSQLCVE-2024-0402CVE-2024-33910CVE-2024-31848
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook