CVE-2024-31497 – Gentoo Linux Security Advisory 202407-11

https://notcve.org/view.php?id=CVE-2024-31497

15 Apr 2024 — In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The required set of signed messages may be publicly readable because they are stored in a public Git service that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-forw... • https://github.com/sh1k4ku/CVE-2024-31497 • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •