Search for vulnerabilities
Vulnerability details: VCID-ct4j-fs96-aaaa
Vulnerability ID VCID-ct4j-fs96-aaaa
Aliases CVE-2013-4208
Summary The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow local users to discover private RSA and DSA keys.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
System Score Found at
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2013-4208
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4852
cvssv2 2.1 https://nvd.nist.gov/vuln/detail/CVE-2013-4208
Reference id Reference type URL
http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html
https://api.first.org/data/v1/epss?cve=CVE-2013-4208
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4206
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4207
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4208
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4852
http://secunia.com/advisories/54379
http://secunia.com/advisories/54533
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped.html
http://www.debian.org/security/2013/dsa-2736
http://www.openwall.com/lists/oss-security/2013/08/06/11
719070 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719070
cpe:2.3:a:putty:putty:0.45:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:putty:putty:0.45:*:*:*:*:*:*:*
cpe:2.3:a:putty:putty:0.46:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:putty:putty:0.46:*:*:*:*:*:*:*
cpe:2.3:a:putty:putty:0.47:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:putty:putty:0.47:*:*:*:*:*:*:*
cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:*
cpe:2.3:a:putty:putty:0.49:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:putty:putty:0.49:*:*:*:*:*:*:*
cpe:2.3:a:putty:putty:0.50:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:putty:putty:0.50:*:*:*:*:*:*:*
cpe:2.3:a:putty:putty:0.51:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:putty:putty:0.51:*:*:*:*:*:*:*
cpe:2.3:a:putty:putty:0.52:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:putty:putty:0.52:*:*:*:*:*:*:*
cpe:2.3:a:putty:putty:0.53b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:putty:putty:0.53b:*:*:*:*:*:*:*
cpe:2.3:a:putty:putty:0.54:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:putty:putty:0.54:*:*:*:*:*:*:*
cpe:2.3:a:putty:putty:0.55:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:putty:putty:0.55:*:*:*:*:*:*:*
cpe:2.3:a:putty:putty:0.56:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:putty:putty:0.56:*:*:*:*:*:*:*
cpe:2.3:a:putty:putty:0.57:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:putty:putty:0.57:*:*:*:*:*:*:*
cpe:2.3:a:putty:putty:0.58:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:putty:putty:0.58:*:*:*:*:*:*:*
cpe:2.3:a:putty:putty:0.59:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:putty:putty:0.59:*:*:*:*:*:*:*
cpe:2.3:a:putty:putty:0.60:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:putty:putty:0.60:*:*:*:*:*:*:*
cpe:2.3:a:putty:putty:0.61:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:putty:putty:0.61:*:*:*:*:*:*:*
cpe:2.3:a:simon_tatham:putty:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:simon_tatham:putty:*:*:*:*:*:*:*:*
cpe:2.3:a:simon_tatham:putty:0.53:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:simon_tatham:putty:0.53:*:*:*:*:*:*:*
CVE-2013-4208 https://nvd.nist.gov/vuln/detail/CVE-2013-4208
GLSA-201309-08 https://security.gentoo.org/glsa/201309-08
No exploits are available.
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2013-4208
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.05128
EPSS Score 0.00042
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.