CVE-2013-4208
Published Aug 19, 2013
Last updated 6 years ago
Overview
- Description
- The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow local users to discover private RSA and DSA keys.
- Source
- secalert@redhat.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 2.1
- Impact score
- 2.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-200
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:putty:putty:0.45:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5D5EB349-B1DF-4CF5-9468-37DC66A929C3"
},
{
"criteria": "cpe:2.3:a:putty:putty:0.46:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CF223411-6FA4-43EC-8668-7DB4A98E4DEA"
},
{
"criteria": "cpe:2.3:a:putty:putty:0.47:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D0E87C56-DFD9-45D9-9169-3BB94F647F15"
},
{
"criteria": "cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1283B462-042C-4857-A700-4179AAE20E2F"
},
{
"criteria": "cpe:2.3:a:putty:putty:0.49:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2791C9DD-F55D-4683-85AF-B6814C34EFBF"
},
{
"criteria": "cpe:2.3:a:putty:putty:0.50:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6D7582C1-AA8E-41E4-9D69-9A18A5B76CB0"
},
{
"criteria": "cpe:2.3:a:putty:putty:0.51:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FC082AE0-C49D-4944-BE76-B751DAD1EF84"
},
{
"criteria": "cpe:2.3:a:putty:putty:0.52:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "23BAD8E4-2D3A-45EE-A25D-77BD698119BB"
},
{
"criteria": "cpe:2.3:a:putty:putty:0.53b:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8F7716EC-E0F9-4E50-8351-35D2F248B380"
},
{
"criteria": "cpe:2.3:a:putty:putty:0.54:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "46C2BD4D-9817-459E-ACF4-9C95233200A2"
},
{
"criteria": "cpe:2.3:a:putty:putty:0.55:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "22EE5957-76F3-4B20-ADE7-E72D1300A3F0"
},
{
"criteria": "cpe:2.3:a:putty:putty:0.56:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "826FA7E4-7F48-4D1C-856C-A965527B0950"
},
{
"criteria": "cpe:2.3:a:putty:putty:0.57:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AA54ADC7-2A36-40DA-8219-DAA31509E534"
},
{
"criteria": "cpe:2.3:a:putty:putty:0.58:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1A14381E-91A1-4902-B409-1281CFA2D561"
},
{
"criteria": "cpe:2.3:a:putty:putty:0.59:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8B33EB10-535F-42F2-8F78-CE128A89447C"
},
{
"criteria": "cpe:2.3:a:putty:putty:0.60:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "218F9EAF-C260-43EC-99C4-EFACA9A1DA8D"
},
{
"criteria": "cpe:2.3:a:putty:putty:0.61:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5966235B-2F1A-45C5-AF65-99FFFE4725DF"
},
{
"criteria": "cpe:2.3:a:simon_tatham:putty:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3A8E4288-5CEA-42F3-BF6A-FE7D78C907C0",
"versionEndIncluding": "0.62"
},
{
"criteria": "cpe:2.3:a:simon_tatham:putty:0.53:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "129133D1-B374-4743-9F52-27D0A9558D17"
}
],
"operator": "OR"
}
]
}
]