Buffer Overflow in PuTTY Allows Denial of Service via Insecure DSA Signature Handling
CVE-2013-4207
Currently unrated
What is CVE-2013-4207?
A buffer overflow vulnerability exists in the sshbn.c component of PuTTY versions before 0.63. A remote SSH server can send a DSA signature that PuTTY handles incorrectly, triggering a denial of service (DoS) condition. The flaw arises during the computation of a modular inverse: the bignum code encounters a division by zero, which leads to the overflow. This issue is distinct from previous vulnerabilities affecting the same software, and users should update their installations to a fixed version (0.63 or later).
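The defensive pattern for this class of bug, as an added illustration (not PuTTY's sshbn.c code and not the project's patch): a modular inverse that reports failure instead of dividing by zero, plus the standard DSA range check on r and s before the inverse is taken. It assumes 32-bit toy integers in place of a bignum type, and the function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Inverse of a modulo m by extended Euclid, on 32-bit toy values.
 * Returns false when no inverse exists (a == 0 mod m, or gcd(a, m) != 1).
 * A loop written as "while (r1 != 1)" never sees that case coming: the
 * remainder skips 1, reaches 0, and the next r0 / r1 divides by zero. */
bool modinv_checked(uint32_t a, uint32_t m, uint32_t *out)
{
    if (m < 2)
        return false;
    int64_t r0 = m, r1 = a % m;   /* remainders */
    int64_t t0 = 0, t1 = 1;       /* Bezout coefficients for a */
    while (r1 != 0) {             /* stop on a zero divisor, not on 1 */
        int64_t q = r0 / r1;
        int64_t r2 = r0 - q * r1, t2 = t0 - q * t1;
        r0 = r1; r1 = r2;
        t0 = t1; t1 = t2;
    }
    if (r0 != 1)                  /* gcd(a, m) != 1: not invertible */
        return false;
    *out = (uint32_t)(t0 < 0 ? t0 + m : t0);
    return true;
}

/* DSA verification computes w = s^-1 mod q. Reject the signature unless
 * 0 < r < q and 0 < s < q, and treat a failed inverse as a bad signature. */
bool dsa_inverse_step(uint32_t r, uint32_t s, uint32_t q, uint32_t *w)
{
    if (r == 0 || r >= q || s == 0 || s >= q)
        return false;
    return modinv_checked(s, q, w);
}

int main(void)
{
    uint32_t w = 0;
    /* Constructed toy values; real DSA uses a large prime q. */
    printf("s=3  q=11 -> %s\n", dsa_inverse_step(5, 3, 11, &w) ? "ok" : "rejected");
    printf("s=0  q=11 -> %s\n", dsa_inverse_step(5, 0, 11, &w) ? "ok" : "rejected");
    printf("s=11 q=11 -> %s\n", dsa_inverse_step(5, 11, 11, &w) ? "ok" : "rejected");
    return 0;
}
```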