CVE Vulnerabilities

CVE-2004-1440

Published: Dec 31, 2004 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Multiple heap-based buffer overflows in the modpow function in PuTTY before 0.55 allow (1) remote attackers to execute arbitrary code via an SSH2 packet with a base argument that is larger than the mod argument, which causes the modpow function to write memory before the beginning of its buffer, and (2) remote malicious servers to cause a denial of service (client crash) and possibly execute arbitrary code via a large bignum during authentication.

Affected Software

Name Vendor Start Version End Version
Putty Putty 0.48 (including) 0.48 (including)
Putty Putty 0.49 (including) 0.49 (including)
Putty Putty 0.50 (including) 0.50 (including)
Putty Putty 0.51 (including) 0.51 (including)
Putty Putty 0.52 (including) 0.52 (including)
Putty Putty 0.53 (including) 0.53 (including)
Putty Putty 0.53b (including) 0.53b (including)
Putty Putty 0.54 (including) 0.54 (including)

References