CVE-2021-33500
7.5
CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N
Summary
PuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) by telling the PuTTY window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. NOTE: the same attack methodology may affect some OS-level GUIs on Linux or other platforms for similar reasons.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
- https://docs.ssh-mitm.at/puttydos.html
- https://github.com/ssh-mitm/ssh-mitm-plugins/blob/main/ssh_mitm_plugins/ssh/putty_dos.py
References
- https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
- https://docs.ssh-mitm.at/puttydos.html
- https://github.com/ssh-mitm/ssh-mitm-plugins/blob/main/ssh_mitm_plugins/ssh/putty_dos.py
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.