CVE-2013-4208
N/A
N/A
Summary
The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow local users to discover private RSA and DSA keys.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.openwall.com/lists/oss-security/2013/08/06/11
- http://secunia.com/advisories/54533
- http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped.html
- http://www.debian.org/security/2013/dsa-2736
- http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html
- http://secunia.com/advisories/54379
References
- http://www.openwall.com/lists/oss-security/2013/08/06/11
- http://secunia.com/advisories/54533
- http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped.html
- http://www.debian.org/security/2013/dsa-2736
- http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html
- http://secunia.com/advisories/54379
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.