Memory Management Flaw in PuTTY by Simon Tatham
CVE-2011-4607

Currently unrated

Key Information:

Vendor: Putty
Status: Putty
Vendor: CVE Published:; 23 August 2013

What is CVE-2011-4607?

PuTTY versions 0.59 through 0.61 contain a vulnerability in their memory management processes during keyboard-interactive authentication. This flaw prevents the proper clearing of sensitive process memory when handling user replies, posing a risk that allows local users with access to the system to retrieve sensitive data such as login passwords from the process memory. This vulnerability highlights the importance of secure memory management practices to safeguard user credentials during authentication processes.

References

http://seclists.org/oss-sec/2011/q4/500

mailing-listx_refsource_MLIST

http://seclists.org/oss-sec/2011/q4/499

mailing-listx_refsource_MLIST

http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlis...

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Aug 23, 2013

Putty

What is CVE-2011-4607?

References

Timeline