Memory Management Flaw in PuTTY Affects Sensitive Key Security
CVE-2013-4208

Currently unrated

Key Information:

Vendor: Putty
Status: Putty
Vendor: CVE Published:; 19 August 2013

What is CVE-2013-4208?

A vulnerability in the rsa_verify function of PuTTY prior to version 0.63 has been identified, where sensitive process memory is not properly cleared after use. This could potentially leave private RSA and DSA keys exposed in memory, enabling local users to access these sensitive keys. Such a lapse in memory management poses a significant risk to the security of cryptographic operations performed within PuTTY, necessitating immediate attention and remediation.

References

http://www.openwall.com/lists/oss-security/2013/08/06/11

mailing-listx_refsource_MLIST

http://secunia.com/advisories/54533

third-party-advisoryx_refsource_SECUNIA

http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlis...

x_refsource_CONFIRM

Timeline

Vulnerability published
Aug 19, 2013
Vulnerability Reserved
Jun 12, 2013

Putty

What is CVE-2013-4208?

References

Timeline