FreeBSD: VID-46e1ece5-48bd-11e9-9c40-080027ac955c: PuTTY -- security fixes in new release
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Mar 17, 2019 | Mar 18, 2019 | Dec 10, 2025 |
Description
The PuTTY team reports:

New in 0.71:

Security fixes found by an EU-funded bug bounty programme:

- a remotely triggerable memory overwrite in RSA key exchange, which can occur before host key verification
- potential recycling of random numbers used in cryptography
- on Unix, remotely triggerable buffer overflow in any kind of server-to-client forwarding
- multiple denial-of-service attacks that can be triggered by writing to the terminal

Other security enhancements: major rewrite of the crypto code to remove cache and timing side channels.

User interface changes to protect against fake authentication prompts from a malicious server.
Solutions
- freebsd-upgrade-package-putty
- freebsd-upgrade-package-putty-gtk2
- freebsd-upgrade-package-putty-nogtk