oss-sec mailing list archives
CVE request: three additional flaws fixed in putty 0.63
From: Vincent Danen <vdanen () redhat com>
Date: Tue, 6 Aug 2013 13:56:10 -0600
There seem to be some CVEs needed for putty 0.63 due to some other fixes that were fixed alongside CVE-2013-4852:

* a heap-corrupting buffer underrun bug in the modmul function which performs modular multiplication:
  http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-modmul.html
  http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9977

* A buffer overflow vulnerability in the calculation of modular inverses when verifying a DSA signature:
  http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-bignum-division-by-zero.html
  http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9996

* Private keys left in memory after being used by PuTTY tools:
  http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped.html
  http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9988

I can't see any CVE references so I suspect there are none.

--
Vincent Danen / Red Hat Security Response Team