CVE-2019-9896 — Uncontrolled Search Path Element in Putty

CWE-427 — Uncontrolled Search Path Element4 documents4 sources

Severity

7.8HIGHNVD

EPSS

2.2%

top 15.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Putty Opensuse Backports SLE Opensuse Leap

Timeline

PublishedMar 21

Latest updateMay 13

Description

In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶NVDputty/putty< 0.71

▶NVDopensuse/leap15.0

▶NVDopensuse/backports_sle15.0

🔴Vulnerability Details

GHSA

GHSA-x5pv-35h7-pm8q: In PuTTY versions before 0↗2022-05-13

▶

CVEList

CVE-2019-9896: In PuTTY versions before 0↗2019-03-21

▶

📋Vendor Advisories

Debian

CVE-2019-9896: putty - In PuTTY versions before 0.71 on Windows, local attackers could hijack the appli...↗2019

▶