Описание
A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.
Ссылки
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.71 (исключая)
cpe:2.3:a:putty:putty:*:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
Конфигурация 3
Одно из
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Конфигурация 4
cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:*:*:*
Конфигурация 5
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
EPSS
Процентиль: 76%
0.00921
Низкий
7.5 High
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-320
Связанные уязвимости
CVSS3: 7.5
ubuntu
почти 7 лет назад
A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.
CVSS3: 7.5
debian
почти 7 лет назад
A remotely triggerable memory overwrite in RSA key exchange in PuTTY b ...
CVSS3: 7.5
github
больше 3 лет назад
A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.
CVSS3: 7.5
fstec
почти 7 лет назад
Уязвимость средства криптографической защиты PuTTY, связанная с ошибками управления ключами, позволяющая нарушителю перезаписать файлы в системе
EPSS
Процентиль: 76%
0.00921
Низкий
7.5 High
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-320