PuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) by telling the PuTTY window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. NOTE: the same attack methodology may affect some OS-level GUIs on Linux or other platforms for similar reasons.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Putty | Putty | * | 0.75 (excluding) |
| Putty | Ubuntu | bionic | * |
| Putty | Ubuntu | focal | * |
| Putty | Ubuntu | groovy | * |
| Putty | Ubuntu | hirsute | * |
| Putty | Ubuntu | impish | * |
| Putty | Ubuntu | kinetic | * |
| Putty | Ubuntu | lunar | * |
| Putty | Ubuntu | mantic | * |
| Putty | Ubuntu | oracular | * |
| Putty | Ubuntu | plucky | * |
| Putty | Ubuntu | trusty | * |
| Putty | Ubuntu | xenial | * |
References
- https://docs.ssh-mitm.at/puttydos.html
- https://github.com/ssh-mitm/ssh-mitm-plugins/blob/main/ssh_mitm_plugins/ssh/putty_dos.py
- https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
- https://docs.ssh-mitm.at/puttydos.html
- https://github.com/ssh-mitm/ssh-mitm-plugins/blob/main/ssh_mitm_plugins/ssh/putty_dos.py
- https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html