PuTTY wishlist entries indexed by CVE

This is a mirror. Follow this link to find the primary PuTTY web site.

Home | FAQ | Feedback | Licence | Updates | Mirrors | Keys | Links | Team
Download: Stable · Snapshot | Docs | Changes | Wishlist

This page lists all the CVE vulnerability identifiers that are mentioned by PuTTY wishlist entries, and links each one to the wishlist entry (or entries) that mention it.

If you want to find our own writeup for a vulnerability, and you already know its CVE number, then this page may be a convenient way to find it.

CVE IDPuTTY bug database entries referring to it
CVE-2002-1357vuln-sshredder (fixed in 0.53b)
CVE-2002-1358vuln-sshredder (fixed in 0.53b)
CVE-2002-1359vuln-sshredder (fixed in 0.53b)
CVE-2002-1360vuln-sshredder (fixed in 0.53b)
CVE-2003-0048vuln-passwd-memdump (fixed in 0.54)
CVE-2003-0069vuln-window-title (fixed in 0.54)
CVE-2004-1008vuln-ssh2-debug (fixed in 0.56)
CVE-2004-1440vuln-modpow (fixed in 0.55)
CVE-2005-0467vuln-sftp-readdir (fixed in 0.57)
vuln-sftp-string (fixed in 0.57)
CVE-2006-7162puttygen-unix-perms (not classed as a vulnerability; fixed in 0.59)
CVE-2008-5161ssh2-cbc-pktlen-weakness (not classed as a vulnerability; fixed in 0.61)
CVE-2011-4607password-not-wiped (fixed in 0.62)
CVE-2013-4206vuln-modmul (fixed in 0.63)
CVE-2013-4207vuln-bignum-division-by-zero (fixed in 0.63)
CVE-2013-4208private-key-not-wiped (fixed in 0.63)
CVE-2013-4852vuln-signature-stringlen (fixed in 0.63)
CVE-2015-2157private-key-not-wiped-2 (fixed in 0.64)
CVE-2015-5309vuln-ech-overflow (fixed in 0.66)
CVE-2016-2563vuln-pscp-sink-sscanf (fixed in 0.67)
CVE-2016-6167vuln-indirect-dll-hijack (fixed in 0.68)
CVE-2017-6542vuln-agent-fwd-overflow (fixed in 0.68)
CVE-2019-6109pscp-unsanitised-server-output (not classed as a vulnerability; fixed in 0.71)
CVE-2019-6110pscp-unsanitised-server-output (not classed as a vulnerability; fixed in 0.71)
CVE-2019-9894vuln-rsa-kex-integer-overflow (fixed in 0.71)
CVE-2019-9895vuln-fd-set-overflow (fixed in 0.71)
CVE-2019-9896vuln-chm-hijack (fixed in 0.71)
CVE-2019-9897vuln-terminal-dos-combining-chars (fixed in 0.71)
vuln-terminal-dos-combining-chars-double-width-gtk (fixed in 0.71)
vuln-terminal-dos-one-column-cjk (fixed in 0.71)
CVE-2019-9898vuln-rng-reuse (fixed in 0.71)
CVE-2019-17067vuln-win-exclusiveaddruse (fixed in 0.73)
CVE-2019-17068vuln-bracketed-paste-data-outside-brackets (fixed in 0.73)
CVE-2019-17069ssh1-disconnect-use-after-free (not classed as a vulnerability; fixed in 0.73)
CVE-2020-14002vuln-dynamic-hostkey-info-leak (fixed in 0.74)
CVE-2021-33500vuln-windows-remote-title-dos (fixed in 0.75)
CVE-2021-36367reject-trivial-auth (not classed as a vulnerability; fixed in 0.76)
vuln-auth-prompt-spoofing (fixed in 0.71)

If you want to comment on this web site, see the Feedback page.
(last modified on Sun Oct 30 16:26:01 2022)