Information on source package putty

Available versions

| Release | Version |
|---|---|
| jessie | 0.63-10+deb8u2 |
| stretch | 0.67-3+deb9u1 |
| buster | 0.74-1+deb11u1~deb10u2 |
| bullseye | 0.74-1+deb11u2 |
| bullseye (security) | 0.74-1+deb11u1 |
| bookworm | 0.78-2+deb12u2 |
| bookworm (security) | 0.78-2+deb12u1 |
| trixie | 0.81-3 |
| sid | 0.81-3 |

Open issues

| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-36367 | vulnerable | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | PuTTY through 0.75 proceeds with establishing an SSH session even if i ... |
| CVE-2019-9895 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | fixed | In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer o ... |
| CVE-2017-6542 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | fixed | The ssh_agent_channel_data function in PuTTY before 0.68 allows remote ... |
| CVE-2016-2563 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | fixed | Stack-based buffer overflow in the SCP command-line utility in PuTTY b ... |

Open unimportant issues

| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-17069 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial o ... |

Resolved issues

| Bug | Description |
|---|---|
| TEMP-0000000-F707E4 | MATTA-2015-002: Enforce acceptable range for Diffie-Hellman server value |
| CVE-2024-31497 | In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation ... |
| CVE-2023-48795 | The SSH transport protocol with certain OpenSSH extensions, found in O ... |
| CVE-2021-33500 | PuTTY before 0.75 on Windows allows remote servers to cause a denial o ... |
| CVE-2020-14002 | PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an in ... |
| CVE-2019-17068 | PuTTY before 0.73 mishandles the "bracketed paste mode" protection mec ... |
| CVE-2019-17067 | PuTTY before 0.73 on Windows improperly opens port-forwarding listenin ... |
| CVE-2019-9898 | Potential recycling of random numbers used in cryptography exists with ... |
| CVE-2019-9897 | Multiple denial-of-service attacks that can be triggered by writing to ... |
| CVE-2019-9896 | In PuTTY versions before 0.71 on Windows, local attackers could hijack ... |
| CVE-2019-9894 | A remotely triggerable memory overwrite in RSA key exchange in PuTTY b ... |
| CVE-2016-6167 | Multiple untrusted search path vulnerabilities in Putty beta 0.67 allo ... |
| CVE-2015-5309 | Integer overflow in the terminal emulator in PuTTY before 0.66 allows ... |
| CVE-2015-2157 | The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY ... |
| CVE-2013-4852 | Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and o ... |
| CVE-2013-4208 | The rsa_verify function in PuTTY before 0.63 (1) does not clear sensit ... |
| CVE-2013-4207 | Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH serv ... |
| CVE-2013-4206 | Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY ... |
| CVE-2011-4607 | PuTTY 0.59 through 0.61 does not clear sensitive process memory when m ... |
| CVE-2006-7162 | PuTTY 0.59 and earlier uses weak file permissions for (1) ppk files co ... |
| CVE-2005-0467 | Multiple integer overflows in the (1) sftp_pkt_getstring and (2) fxp_r ... |
| CVE-2004-1440 | Multiple heap-based buffer overflows in the modpow function in PuTTY b ... |
| CVE-2004-1008 | Integer signedness error in the ssh2_rdpkt function in PuTTY before 0. ... |
| CVE-2003-0069 | The PuTTY terminal emulator 0.53 allows attackers to modify the window ... |
| CVE-2003-0048 | PuTTY 0.53b and earlier does not clear logon credentials from memory, ... |

Security announcements

| DSA / DLA | Description |
|---|---|
| DLA-3839-1 | putty - security update |
| DLA-3794-1 | putty - security update |
| DSA-5588-1 | putty - security update |
| DLA-1763-1 | putty - security update |
| DSA-4423-1 | putty - security update |
| DSA-3409-1 | putty - security update |
| DLA-347-1 | putty - security update |
| DSA-3190-1 | putty - security update |
| DLA-173-1 | putty - security update |
| DSA-2736-1 | putty - several |
