CVE-2019-9894 — Putty vulnerability
Severity
7.5HIGHNVD
EPSS
0.9%
top 24.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 21
Latest updateMay 14
Description
A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6
Affected Packages4 packages
Also affects: Debian Linux 8.0, 9.0, Fedora 28, 29
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-pwmv-rrj5-fgmx: A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0↗2022-05-14
OSV▶
CVE-2019-9894: A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0↗2019-03-21
CVEList▶
CVE-2019-9894: A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0↗2019-03-21
📋Vendor Advisories
1Debian▶
CVE-2019-9894: putty - A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71...↗2019