VulnerableCode Package Details - pkg:deb/ubuntu/putty@0.70-6

Search for packages

Package details: pkg:deb/ubuntu/putty@0.70-6

Essentials
History (0)

purl	pkg:deb/ubuntu/putty@0.70-6

Next non-vulnerable version	0.73-1
Latest non-vulnerable version	0.73-1
Risk	3.4

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-578f-zwyb-aaac Aliases: CVE-2019-17068	PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content.	0.73-1 Affected by 0 other vulnerabilities.
VCID-6un4-nzgb-aaak Aliases: CVE-2019-17069	PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message.	0.73-1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (4)

Vulnerability	Summary	Aliases
VCID-ah15-cney-aaaa	In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding.	CVE-2019-9895
VCID-fv5j-z33q-aaap	Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71.	CVE-2019-9898
VCID-mjdj-hpjv-aaaj	A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.	CVE-2019-9894
VCID-t391-f1q1-aaap	Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71.	CVE-2019-9897

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version