CVE-2013-4208

Published: Aug 19, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow local users to discover private RSA and DSA keys.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20130806 CVE request: three additional flaws fixed in putty 0.63

mailing-list

x_refsource_MLIST

54533

third-party-advisory

x_refsource_SECUNIA

http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped.html

x_refsource_CONFIRM

DSA-2736

vendor-advisory

x_refsource_DEBIAN

openSUSE-SU-2013:1347

vendor-advisory

x_refsource_SUSE

54379

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2013-4208

Description

Affected Products

References