Information Disclosure in PuTTY Client through Memory Management Flaws
CVE-2015-2157

Currently unrated

Key Information:

CVE Published: 27 March 2015

Summary

In PuTTY versions 0.51 through 0.63, the functions responsible for loading and saving SSH-2 user keys fail to adequately wipe sensitive private keys from memory. As a result, local users can gain unauthorized access to sensitive information by reading unencrypted memory. This could lead to serious security breaches, particularly in environments where sensitive private keys are used routinely. Users of the affected versions should upgrade to the latest version, in which this issue is addressed.
