CVE-2015-2157
Published Mar 27, 2015
Last updated 6 years ago
Overview
- Description
- The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 2.1
- Impact score
- 2.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-200
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA"
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9"
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38"
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F"
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:putty:putty:0.51:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FC082AE0-C49D-4944-BE76-B751DAD1EF84"
},
{
"criteria": "cpe:2.3:a:putty:putty:0.52:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "23BAD8E4-2D3A-45EE-A25D-77BD698119BB"
},
{
"criteria": "cpe:2.3:a:putty:putty:0.53b:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8F7716EC-E0F9-4E50-8351-35D2F248B380"
},
{
"criteria": "cpe:2.3:a:putty:putty:0.54:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "46C2BD4D-9817-459E-ACF4-9C95233200A2"
},
{
"criteria": "cpe:2.3:a:putty:putty:0.55:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "22EE5957-76F3-4B20-ADE7-E72D1300A3F0"
},
{
"criteria": "cpe:2.3:a:putty:putty:0.56:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "826FA7E4-7F48-4D1C-856C-A965527B0950"
},
{
"criteria": "cpe:2.3:a:putty:putty:0.57:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AA54ADC7-2A36-40DA-8219-DAA31509E534"
},
{
"criteria": "cpe:2.3:a:putty:putty:0.58:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1A14381E-91A1-4902-B409-1281CFA2D561"
},
{
"criteria": "cpe:2.3:a:putty:putty:0.59:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8B33EB10-535F-42F2-8F78-CE128A89447C"
},
{
"criteria": "cpe:2.3:a:putty:putty:0.60:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "218F9EAF-C260-43EC-99C4-EFACA9A1DA8D"
},
{
"criteria": "cpe:2.3:a:putty:putty:0.61:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5966235B-2F1A-45C5-AF65-99FFFE4725DF"
},
{
"criteria": "cpe:2.3:a:putty:putty:0.62:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B9942BA6-8947-4742-9A38-2E2F2F5DD341"
},
{
"criteria": "cpe:2.3:a:putty:putty:0.63:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "811276A3-5FB5-4718-94FF-E9B6503B8ABB"
},
{
"criteria": "cpe:2.3:a:simon_tatham:putty:0.53:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "129133D1-B374-4743-9F52-27D0A9558D17"
}
],
"operator": "OR"
}
]
}
]