MidnightBSD

Advisories for putty

CVE-2000-0476 MEDIUM

xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
putty putty 0.48
xfree86_project x11r6 4.0
xfree86_project x11r6 3.3.3
rxvt rxvt 2.6.1
michael_jennings eterm 0.8.10
CVE-2002-1357 HIGH

Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
putty putty 0.49
putty putty 0.48
cisco ios 12.1ea
fissh ssh_client 1.0a_for_windows
winscp winscp 2.0.0
cisco ios 12.0st
cisco ios 12.2
cisco ios 12.2t
pragma_systems secureshell 2.0
putty putty 0.53
cisco ios 12.1e
cisco ios 12.1t
intersoft securenetterm 5.4.1
cisco ios 12.0s
netcomposite shellguard_ssh 3.4.6
cisco ios 12.2s
CVE-2002-1358 HIGH

Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
putty putty 0.49
putty putty 0.48
cisco ios 12.1ea
fissh ssh_client 1.0a_for_windows
winscp winscp 2.0.0
cisco ios 12.0st
cisco ios 12.2
cisco ios 12.2t
pragma_systems secureshell 2.0
putty putty 0.53
cisco ios 12.1e
cisco ios 12.1t
intersoft securenetterm 5.4.1
cisco ios 12.0s
netcomposite shellguard_ssh 3.4.6
cisco ios 12.2s
CVE-2002-1359 HIGH

Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
putty putty 0.49
putty putty 0.48
cisco ios 12.1ea
fissh ssh_client 1.0a_for_windows
winscp winscp 2.0.0
cisco ios 12.0st
cisco ios 12.2
cisco ios 12.2t
pragma_systems secureshell 2.0
putty putty 0.53
cisco ios 12.1e
cisco ios 12.1t
intersoft securenetterm 5.4.1
cisco ios 12.0s
netcomposite shellguard_ssh 3.4.6
cisco ios 12.2s
CVE-2002-1360 HIGH

Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
putty putty 0.49
putty putty 0.48
cisco ios 12.1ea
fissh ssh_client 1.0a_for_windows
winscp winscp 2.0.0
cisco ios 12.0st
cisco ios 12.2
cisco ios 12.2t
pragma_systems secureshell 2.0
putty putty 0.53
cisco ios 12.1e
cisco ios 12.1t
intersoft securenetterm 5.4.1
cisco ios 12.0s
netcomposite shellguard_ssh 3.4.6
cisco ios 12.2s
CVE-2003-0048 MEDIUM

PuTTY 0.53b and earlier does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
putty putty 0.49
putty putty 0.48
putty putty 0.53b
putty putty 0.53
CVE-2003-0069 HIGH

The PuTTY terminal emulator 0.53 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
putty putty 0.53
CVE-2004-1008 HIGH

Integer signedness error in the ssh2_rdpkt function in PuTTY before 0.56 allows remote attackers to execute arbitrary code via a SSH2_MSG_DEBUG packet with a modified stringlen parameter, which leads to a buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
putty putty 0.49
putty putty 0.48
putty putty 0.51
putty putty 0.55
putty putty 0.53b
putty putty 0.50
putty putty 0.52
tortoisecvs tortoisecvs 1.8
putty putty 0.53
putty putty 0.54
CVE-2004-1440 HIGH

Multiple heap-based buffer overflows in the modpow function in PuTTY before 0.55 allow (1) remote attackers to execute arbitrary code via an SSH2 packet with a base argument that is larger than the mod argument, which causes the modpow function to write memory before the beginning of its buffer, and (2) remote malicious servers to cause a denial of service (client crash) and possibly execute arbitrary code via a large bignum during authentication.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
putty putty 0.49
putty putty 0.48
putty putty 0.51
putty putty 0.53b
putty putty 0.50
putty putty 0.52
putty putty 0.53
putty putty 0.54
CVE-2005-0467 HIGH

Multiple integer overflows in the (1) sftp_pkt_getstring and (2) fxp_readdir_recv functions in the PSFTP and PSCP clients for PuTTY 0.56, and possibly earlier versions, allow remote malicious web sites to execute arbitrary code via SFTP responses that corrupt the heap after insufficient memory has been allocated.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
putty putty *
CVE-2013-4206 MEDIUM

Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) and possibly trigger memory corruption or code execution via a crafted DSA signature, which is not properly handled when performing certain bit-shifting operations during modular multiplication.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
putty putty 0.49
putty putty 0.48
simon_tatham putty 0.53
putty putty 0.53b
putty putty 0.61
putty putty 0.52
putty putty 0.45
putty putty 0.59
putty putty 0.54
putty putty 2010-06-01
putty putty 0.58
putty putty 0.60
putty putty 0.51
putty putty 0.55
putty putty 0.46
simon_tatham putty *
putty putty 0.47
putty putty 0.56
putty putty 0.50
putty putty 0.57
CVE-2013-4207 MEDIUM

Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) via an invalid DSA signature that is not properly handled during computation of a modular inverse and triggers the overflow during a division by zero by the bignum functionality, a different vulnerability than CVE-2013-4206.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
putty putty 0.49
putty putty 0.48
simon_tatham putty 0.53
putty putty 0.53b
putty putty 0.61
putty putty 0.52
putty putty 0.45
putty putty 0.59
putty putty 0.54
putty putty 2010-06-01
putty putty 0.58
putty putty 0.60
putty putty 0.51
putty putty 0.55
putty putty 0.46
simon_tatham putty *
putty putty 0.47
putty putty 0.56
putty putty 0.50
putty putty 0.57
CVE-2013-4208 LOW

The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow local users to discover private RSA and DSA keys.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
putty putty 0.49
putty putty 0.48
simon_tatham putty 0.53
putty putty 0.53b
putty putty 0.61
putty putty 0.52
putty putty 0.45
putty putty 0.59
putty putty 0.54
putty putty 0.58
putty putty 0.60
putty putty 0.51
putty putty 0.55
putty putty 0.46
simon_tatham putty *
putty putty 0.47
putty putty 0.56
putty putty 0.50
putty putty 0.57
CVE-2013-4852 MEDIUM

Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
winscp winscp 5.0.7
putty putty 0.48
winscp winscp 5.0
winscp winscp 4.4.0
putty putty 0.53b
winscp winscp 5.0.5
putty putty 0.58
putty putty 0.51
winscp winscp 4.0.5
winscp winscp 5.0.8
winscp winscp 5.1.3
debian debian_linux 6.0
putty putty 0.49
winscp winscp 4.0.4
winscp winscp 4.3.2
winscp winscp 4.3.6
putty putty 0.61
winscp winscp 4.3.7
putty putty 0.52
winscp winscp 5.0.3
putty putty 0.45
putty putty 0.54
putty putty 2010-06-01
winscp winscp 5.1.4
putty putty 0.47
putty putty 0.56
winscp winscp 5.0.1
winscp winscp 3.8_beta
debian debian_linux 7.1
winscp winscp 4.2.7
winscp winscp 5.0.4
debian debian_linux 7.0
opensuse opensuse 12.3
winscp winscp 5.0.9
winscp winscp 4.3.8
putty putty 0.59
putty putty 0.55
winscp winscp 3.7.6
winscp winscp 5.1.2
putty putty 0.46
winscp winscp 4.2.6
winscp winscp *
winscp winscp 5.1.1
winscp winscp 4.3.4
putty putty 0.57
winscp winscp 5.1
winscp winscp 4.2.8
winscp winscp 5.0.2
winscp winscp 4.3.5
simon_tatham putty 0.53
winscp winscp 5.0.6
winscp winscp 4.3.9
winscp winscp 3.8.2
putty putty 0.60
simon_tatham putty *
putty putty 0.50
winscp winscp 4.2.9
CVE-2015-2157 LOW

The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
debian debian_linux 7.0
fedoraproject fedora 20
simon_tatham putty 0.53
putty putty 0.53b
putty putty 0.61
putty putty 0.62
putty putty 0.52
opensuse opensuse 13.1
opensuse opensuse 13.2
putty putty 0.59
putty putty 0.54
fedoraproject fedora 22
putty putty 0.58
putty putty 0.60
putty putty 0.51
putty putty 0.55
putty putty 0.63
putty putty 0.56
putty putty 0.57
CVE-2016-6167 MEDIUM

Multiple untrusted search path vulnerabilities in Putty beta 0.67 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) UxTheme.dll or (2) ntmarta.dll file in the current working directory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-426,

Products Affected

Vendor Product Version
putty putty 0.67
CVE-2017-6542 HIGH

The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
putty putty *
opensuse_project leap 42.1
opensuse leap 42.2
CVE-2019-17067 HIGH

PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same port to steal an incoming connection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-770,

Products Affected

Vendor Product Version
putty putty *
CVE-2019-17068 MEDIUM

PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
opensuse leap 15.0
putty putty *
opensuse leap 15.1
CVE-2019-17069 MEDIUM

PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
opensuse leap 15.0
netapp oncommand_unified_manager_core_package -
putty putty *
opensuse leap 15.1
CVE-2019-9894 MEDIUM

A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-320,

Products Affected

Vendor Product Version
fedoraproject fedora 29
opensuse leap 15.0
netapp oncommand_unified_manager -
debian debian_linux 8.0
debian debian_linux 9.0
putty putty *
fedoraproject fedora 28
CVE-2019-9895 HIGH

In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
fedoraproject fedora 29
putty putty *
fedoraproject fedora 28
CVE-2019-9896 MEDIUM

In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,

Products Affected

Vendor Product Version
opensuse leap 15.0
opensuse backports_sle 15.0
putty putty *
CVE-2019-9897 MEDIUM

Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
fedoraproject fedora 29
opensuse leap 15.0
netapp oncommand_unified_manager -
debian debian_linux 8.0
debian debian_linux 9.0
putty putty *
fedoraproject fedora 28
CVE-2019-9898 HIGH

Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-330,

Products Affected

Vendor Product Version
fedoraproject fedora 29
opensuse leap 15.0
netapp oncommand_unified_manager -
debian debian_linux 8.0
debian debian_linux 9.0
putty putty *
fedoraproject fedora 28
CVE-2020-14002 MEDIUM

PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-203,

Products Affected

Vendor Product Version
netapp oncommand_unified_manager_core_package -
putty putty *
fedoraproject fedora 31
fedoraproject fedora 32
CVE-2021-33500 MEDIUM

PuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) by telling the PuTTY window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. NOTE: the same attack methodology may affect some OS-level GUIs on Linux or other platforms for similar reasons.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
cve@mitre.org 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
putty putty *
CVE-2021-36367 MEDIUM

PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt (that the attacker can use to capture credential data, and use that data for purposes that are undesired by the client user).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-345,CWE-345,

Products Affected

Vendor Product Version
putty putty *
CVE-2023-48795

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

Products Affected

Vendor Product Version
russh_project russh *
panic transmit_5 *
gentoo security -
asyncssh_project asyncssh *
redhat openshift_gitops -
redhat jboss_enterprise_application_platform 7.0
apple macos *
filezilla-project filezilla_client *
bitvise ssh_server *
netsarang xshell_7 *
redhat enterprise_linux 8.0
redhat openstack_platform 16.2
lancom-systems lcos_sx 4.20
crates thrussh *
golang crypto *
putty putty *
debian debian_linux 10.0
fedoraproject fedora 38
redhat cert-manager_operator_for_red_hat_openshift -
redhat keycloak -
jadaptive maverick_synergy_java_ssh_api *
redhat advanced_cluster_security 3.0
redhat openshift_api_for_data_protection -
redhat openshift_serverless -
redhat ceph_storage 6.0
microsoft powershell *
freebsd freebsd *
dropbear_ssh_project dropbear_ssh *
redhat openshift_developer_tools_and_services -
paramiko paramiko *
tera_term_project tera_term *
redhat openstack_platform 16.1
redhat openshift_container_platform 4.0
panic nova *
net-ssh net-ssh 7.2.0
redhat single_sign-on 7.0
erlang erlang/otp *
tinyssh tinyssh *
roumenpetrov pkixssh *
bitvise ssh_client *
oryx-embedded cyclone_ssh *
redhat openshift_virtualization 4
openbsd openssh *
fedoraproject fedora 39
lancom-systems lcos_lx -
lancom-systems lcos_fx -
matez jsch *
winscp winscp *
redhat openshift_data_foundation 4.0
redhat advanced_cluster_security 4.0
lancom-systems lcos_sx 5.20
redhat discovery -
redhat openstack_platform 17.1
crushftp crushftp *
libssh2 libssh2 *
apache sshd *
vandyke securecrt *
lancom-systems lanconfig -
connectbot sshlib *
apache sshj *
redhat openshift_dev_spaces -
thorntech sftp_gateway_firmware *
sftpgo_project sftpgo *
lancom-systems lcos *
trilead ssh2 6401
redhat storage 3.0
proftpd proftpd *
redhat openshift_pipelines -
redhat enterprise_linux 9.0
ssh ssh *
libssh libssh *
netgate pfsense_plus *
netgate pfsense_ce *
kitty_project kitty *
ssh2_project ssh2 *
CVE-2024-31497

In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The required set of signed messages may be publicly readable because they are stored in a public Git service that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-forwarding mechanism. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. After a key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git. A second, independent scenario is that the adversary is an operator of an SSH server to which the victim authenticates (for remote login or file copy), even though this server is not fully trusted by the victim, and the victim uses the same private key for SSH connections to other services operated by other entities. Here, the rogue server operator (who would otherwise have no way to determine the victim's private key) can derive the victim's private key, and then use it for unauthorized access to those other services. If the other services include Git services, then again it may be possible to conduct supply-chain attacks on software maintained in Git. This also affects, for example, FileZilla before 3.67.0, WinSCP before 6.3.3, TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6.

Products Affected

Vendor Product Version
tigris tortoisesvn *
fedoraproject fedora 40
winscp winscp *
tortoisegit tortoisegit *
fedoraproject fedora 39
putty putty *
fedoraproject fedora 38
filezilla-project filezilla_client *