CVE-2003-0048 — Putty vulnerability

4 documents4 sources

Severity

4.6MEDIUMNVD

EPSS

0.1%

top 77.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Putty Debian Putty

Timeline

PublishedFeb 19

Latest updateApr 29

Description

PuTTY 0.53b and earlier does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/putty< putty 0.53-b-2003-01-04-1 (bookworm)

▶Debianputty/putty< 0.53-b-2003-01-04-1+3

▶NVDputty/putty4 versions+3

Patches

Patch: www.idefense.com ↗Patch: www.idefense.com ↗

🔴Vulnerability Details

GHSA

GHSA-vqgf-8h52-rhrp: PuTTY 0↗2022-04-29

▶

OSV

CVE-2003-0048: PuTTY 0↗2003-02-19

▶

📋Vendor Advisories

Debian

CVE-2003-0048: putty - PuTTY 0.53b and earlier does not clear logon credentials from memory, including ...↗2003

▶