CVE-2011-4607
Severity CVSS v4.0: Pending analysis
Type: CWE-119 Buffer Errors
Publication date: 23/08/2013
Last modified: 11/04/2025
Description
PuTTY 0.59 through 0.61 does not clear sensitive process memory when managing user replies that occur during keyboard-interactive authentication, which might allow local users to read login passwords by obtaining access to the process' memory.
Impact
Base Score 2.0: 2.10
Severity 2.0: LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:putty:putty:0.59:*:*:*:*:*:*:* | | |
| cpe:2.3:a:putty:putty:0.60:*:*:*:*:*:*:* | | |
| cpe:2.3:a:putty:putty:0.61:*:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- http://seclists.org/oss-sec/2011/q4/499
- http://seclists.org/oss-sec/2011/q4/500
- http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/password-not-wiped.html



