Opened 10 years ago

Closed 10 years ago

Last modified 9 years ago

#8826 closed Bug report (fixed)

More security issues in putty (CVE-2013-4206, CVE-2013-4207, CVE-2013-4208)

Reported by: oden Owned by:
Priority: high Component: FileZilla Client
Keywords: Cc:
Component version: Operating system type: Linux
Operating system version:



"On 08/06/2013 01:56 PM, Vincent Danen wrote:

There seem to be some CVEs needed for putty 0.63 due to some other
fixes that were fixed alongside CVE-2013-4852:

  • a heap-corrupting buffer underrun bug in the modmul function

which performs modular multiplication:

Please use CVE-2013-4206 for this issue.

  • A buffer overflow vulnerability in the calculation of modular

inverses when verifying a DSA signature:


use CVE-2013-4207 for this issue.

  • Private keys left in memory after being used by PuTTY tools:


use CVE-2013-4208 for this issue."

Change History (1)

comment:1 by oden, 10 years ago

Resolution: fixed
Status: newclosed

Fixed with 3.7.3

Note: See TracTickets for help on using tickets.