Denial of Service Vulnerability in PuTTY by VanDyke Software
CVE-2019-17069

7.5HIGH

Key Information:

Vendor: Putty
Status: Putty
Vendor: CVE Published:; 1 October 2019

What is CVE-2019-17069?

A vulnerability in PuTTY prior to version 0.73 allows remote SSH-1 servers to trigger a denial of service condition. This exploit is realized when a malicious SSH-1 server sends an SSH1_MSG_DISCONNECT message, which can cause PuTTY to access freed memory locations, potentially leading to application instability and crashes. Users of affected versions are advised to upgrade to safeguard against this risk.

References

https://lists.tartarus.org/pipermail/putty-announce/2019/...

http://lists.opensuse.org/opensuse-security-announce/2019...

vendor-advisory

http://lists.opensuse.org/opensuse-security-announce/2019...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 1, 2019
Vulnerability Reserved
Oct 1, 2019

Putty

What is CVE-2019-17069?

References

CVSS V3.1

Timeline