Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) and possibly trigger memory corruption or code execution via a crafted DSA signature, which is not properly handled when performing certain bit-shifting operations during modular multiplication.

Threat-Mapped Scoring

Score: 1.9

Priority: P3 - Important (Medium)

• S9 – Sabotage of System/App
• S10 – Denial of Service (+0.1 bonus)

EPSS

Score: 0.01136
Percentile: 0.77453

CVSS Scoring

Mapped CWE(s)

• CWE-119 : Improper Restriction of Operations within the Bounds of a Memory Buffer

All CAPEC(s)

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

Affected Products

• cpe:2.3:a:putty:putty:0.45:*:*:*:*:*:*:*
• cpe:2.3:a:putty:putty:0.46:*:*:*:*:*:*:*
• cpe:2.3:a:putty:putty:0.47:*:*:*:*:*:*:*
• cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:*
• cpe:2.3:a:putty:putty:0.49:*:*:*:*:*:*:*
• cpe:2.3:a:putty:putty:0.50:*:*:*:*:*:*:*
• cpe:2.3:a:putty:putty:0.51:*:*:*:*:*:*:*
• cpe:2.3:a:putty:putty:0.52:*:*:*:*:*:*:*
• cpe:2.3:a:putty:putty:0.53b:*:*:*:*:*:*:*
• cpe:2.3:a:putty:putty:0.54:*:*:*:*:*:*:*
• cpe:2.3:a:putty:putty:0.55:*:*:*:*:*:*:*
• cpe:2.3:a:putty:putty:0.56:*:*:*:*:*:*:*
• cpe:2.3:a:putty:putty:0.57:*:*:*:*:*:*:*
• cpe:2.3:a:putty:putty:0.58:*:*:*:*:*:*:*
• cpe:2.3:a:putty:putty:0.59:*:*:*:*:*:*:*
• cpe:2.3:a:putty:putty:0.60:*:*:*:*:*:*:*
• cpe:2.3:a:putty:putty:0.61:*:*:*:*:*:*:*
• cpe:2.3:a:putty:putty:2010-06-01:r8967:*:*:development_snapshot:*:*:*
• cpe:2.3:a:simon_tatham:putty:*:*:*:*:*:*:*:*
• cpe:2.3:a:simon_tatham:putty:0.53:*:*:*:*:*:*:*

← Back to Home