vulnerability

FreeBSD: VID-6190C0CD-B945-11EA-9401-2DCF562DAA69 (CVE-2020-14002): PuTTY -- Release 0.74 fixes two security vulnerabilities

Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published: Jun 27, 2020
Added: Jun 29, 2020
Modified: Oct 20, 2020

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.


From VID-6190C0CD-B945-11EA-9401-2DCF562DAA69:

Simon Tatham reports:

[Release 0.74] fixes the following security issues:

New configuration option to disable PuTTY's default policy of changing its host key algorithm preferences to prefer keys it already knows. (There is a theoretical information leak in this policy.) [CVE-2020-14002]

In some situations an SSH server could cause PuTTY to access freed memory by pretending to accept an SSH key and then refusing the actual signature. It can only happen if you're using an SSH agent.





Solutions

freebsd-upgrade-package-putty
freebsd-upgrade-package-putty-gtk2
freebsd-upgrade-package-putty-nogtk