CVE-2013-4206Improper Restriction of Operations within the Bounds of a Memory Buffer in Tatham Putty

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents6 sources
Severity
6.8MEDIUMNVD
EPSS
1.1%
top 21.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
FilezillaPuttySimon Tatham Putty
Timeline
PublishedAug 19
Latest updateMay 13

Description

Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) and possibly trigger memory corruption or code execution via a crafted DSA signature, which is not properly handled when performing certain bit-shifting operations during modular multiplication.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages4 packages

Debianputty/putty< 0.63-1+3
NVDsimon_tatham/putty0.62+1
NVDputty/putty18 versions+17
Debianfilezilla/filezilla< 3.7.3-1+3

Patches

Patch: svn.tartarus.orgPatch: svn.tartarus.org

🔴Vulnerability Details

3
GHSA
GHSA-h3qw-gcpw-f6mg: Heap-based buffer underflow in the modmul function in sshbn2022-05-13
CVEList
CVE-2013-4206: Heap-based buffer underflow in the modmul function in sshbn2013-08-19
OSV
CVE-2013-4206: Heap-based buffer underflow in the modmul function in sshbn2013-08-19

📋Vendor Advisories

1
Debian
CVE-2013-4206: filezilla - Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0....2013

💬Community

1
Bugzilla
CVE-2013-4206 CVE-2013-4207 CVE-2013-4208 CVE-2013-4852 putty: Integer overflow, leading to heap-based buffer overflow during SSH handshake2013-08-05
CVE-2013-4206 — Simon Tatham Putty vulnerability | cvebase