CVE-2021-33500 — Putty vulnerability

6 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 39.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Putty Debian Putty

Timeline

PublishedMay 21

Latest updateMay 24

Description

PuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) by telling the PuTTY window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. NOTE: the same attack methodology may affect some OS-level GUIs on Linux or other platforms for similar reasons.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDputty/putty< 0.75

▶debiandebian/putty

🔴Vulnerability Details

GHSA

GHSA-vmq2-m9cv-qwqx: PuTTY before 0↗2022-05-24

▶

CVEList

CVE-2021-33500: PuTTY before 0↗2021-05-21

▶

OSV

CVE-2021-33500: PuTTY before 0↗2021-05-21

▶

📋Vendor Advisories

Debian

CVE-2021-33500: putty - PuTTY before 0.75 on Windows allows remote servers to cause a denial of service ...↗2021

▶

🕵️Threat Intelligence

Wiz

CVE-2026-4115 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶