CVE-2011-4607

PuTTY 0.59-0.61 - Sensitive Memory Exposure via Keyboard-Interactive Authentication

Title source: llm
STIX 2.1

Description

PuTTY 0.59 through 0.61 does not clear sensitive process memory when managing user replies that occur during keyboard-interactive authentication, which might allow local users to read login passwords by obtaining access to the process' memory.

References (3)

Core 3
Core References
Mailing List mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2011/q4/500
Mailing List mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2011/q4/499

Scores

EPSS 0.0041
EPSS Percentile 32.8%

Details

CWE
CWE-119
Status published
Products (3)
putty/putty 0.59
putty/putty 0.60
putty/putty 0.61
Published Aug 23, 2013
Tracked Since Feb 18, 2026