CVE-2013-4207 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Tatham Putty
Severity
4.3 MEDIUM (NVD)
CNA 6.8 | OSV 6.8
EPSS
0.6%
top 31.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Aug 19
Latest update: May 13
Description
Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) via an invalid DSA signature that is not properly handled during computation of a modular inverse and triggers the overflow during a division by zero by the bignum functionality, a different vulnerability than CVE-2013-4206.
CVSS vector
AV:N/AC:M/C:N/I:N/A:P
Exploitability: 8.6 | Impact: 2.9
Affected Packages: 4 packages
Vulnerability Details (3)
Vendor Advisories (1)
Debian: CVE-2013-4207: filezilla - Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cau... (2013)
Community (1)
Bugzilla: CVE-2013-4206 CVE-2013-4207 CVE-2013-4208 CVE-2013-4852 putty: Integer overflow, leading to heap-based buffer overflow during SSH handshake (2013-08-05)