CVE-2013-4207
Severity Score
4.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) via an invalid DSA signature that is not properly handled during computation of a modular inverse and triggers the overflow during a division by zero by the bignum functionality, a different vulnerability than CVE-2013-4206.
Desbordamiento de búfer en PuTTY 0.62 y anteriores, permite a servidores SSH remotos provocar una denegación de servicio (caída) a través de una firma DSA no válida que no es manejada adecuadamente durante el cálculo de un inverso modular que provoca el desbordamiento durante una división entre cero por la funcionalidad "bignum". Vulnerabilidad distinta de CVE-2013-4206.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-06-12 CVE Reserved
- 2013-08-12 CVE Published
- 2024-08-06 CVE Updated
- 2024-09-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/54533 | Third Party Advisory | |
| http://www.openwall.com/lists/oss-security/2013/08/06/11 | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html | 2021-08-06 | |
| http://secunia.com/advisories/54379 | 2021-08-06 | |
| http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-bignum-division-by-zero.html | 2021-08-06 | |
| http://www.debian.org/security/2013/dsa-2736 | 2021-08-06 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Putty Search vendor "Putty" | Putty Search vendor "Putty" for product "Putty" | 0.45 Search vendor "Putty" for product "Putty" and version "0.45" | - |
Affected
| ||||||
| Putty Search vendor "Putty" | Putty Search vendor "Putty" for product "Putty" | 0.46 Search vendor "Putty" for product "Putty" and version "0.46" | - |
Affected
| ||||||
| Putty Search vendor "Putty" | Putty Search vendor "Putty" for product "Putty" | 0.47 Search vendor "Putty" for product "Putty" and version "0.47" | - |
Affected
| ||||||
| Putty Search vendor "Putty" | Putty Search vendor "Putty" for product "Putty" | 0.48 Search vendor "Putty" for product "Putty" and version "0.48" | - |
Affected
| ||||||
| Putty Search vendor "Putty" | Putty Search vendor "Putty" for product "Putty" | 0.49 Search vendor "Putty" for product "Putty" and version "0.49" | - |
Affected
| ||||||
| Putty Search vendor "Putty" | Putty Search vendor "Putty" for product "Putty" | 0.50 Search vendor "Putty" for product "Putty" and version "0.50" | - |
Affected
| ||||||
| Putty Search vendor "Putty" | Putty Search vendor "Putty" for product "Putty" | 0.51 Search vendor "Putty" for product "Putty" and version "0.51" | - |
Affected
| ||||||
| Putty Search vendor "Putty" | Putty Search vendor "Putty" for product "Putty" | 0.52 Search vendor "Putty" for product "Putty" and version "0.52" | - |
Affected
| ||||||
| Putty Search vendor "Putty" | Putty Search vendor "Putty" for product "Putty" | 0.53b Search vendor "Putty" for product "Putty" and version "0.53b" | - |
Affected
| ||||||
| Putty Search vendor "Putty" | Putty Search vendor "Putty" for product "Putty" | 0.54 Search vendor "Putty" for product "Putty" and version "0.54" | - |
Affected
| ||||||
| Putty Search vendor "Putty" | Putty Search vendor "Putty" for product "Putty" | 0.55 Search vendor "Putty" for product "Putty" and version "0.55" | - |
Affected
| ||||||
| Putty Search vendor "Putty" | Putty Search vendor "Putty" for product "Putty" | 0.56 Search vendor "Putty" for product "Putty" and version "0.56" | - |
Affected
| ||||||
| Putty Search vendor "Putty" | Putty Search vendor "Putty" for product "Putty" | 0.57 Search vendor "Putty" for product "Putty" and version "0.57" | - |
Affected
| ||||||
| Putty Search vendor "Putty" | Putty Search vendor "Putty" for product "Putty" | 0.58 Search vendor "Putty" for product "Putty" and version "0.58" | - |
Affected
| ||||||
| Putty Search vendor "Putty" | Putty Search vendor "Putty" for product "Putty" | 0.59 Search vendor "Putty" for product "Putty" and version "0.59" | - |
Affected
| ||||||
| Putty Search vendor "Putty" | Putty Search vendor "Putty" for product "Putty" | 0.60 Search vendor "Putty" for product "Putty" and version "0.60" | - |
Affected
| ||||||
| Putty Search vendor "Putty" | Putty Search vendor "Putty" for product "Putty" | 0.61 Search vendor "Putty" for product "Putty" and version "0.61" | - |
Affected
| ||||||
| Putty Search vendor "Putty" | Putty Search vendor "Putty" for product "Putty" | 2010-06-01 Search vendor "Putty" for product "Putty" and version "2010-06-01" | r8967, development_snapshot |
Affected
| ||||||
| Simon Tatham Search vendor "Simon Tatham" | Putty Search vendor "Simon Tatham" for product "Putty" | <= 0.62 Search vendor "Simon Tatham" for product "Putty" and version " <= 0.62" | - |
Affected
| ||||||
| Simon Tatham Search vendor "Simon Tatham" | Putty Search vendor "Simon Tatham" for product "Putty" | 0.53 Search vendor "Simon Tatham" for product "Putty" and version "0.53" | - |
Affected
| ||||||