// For flags

CVE-2015-2157

 

Severity Score

2.1
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory.

Las funciones (1) ssh2_load_userkey y (2) ssh2_save_userkey en PuTTY 0.51 hasta 0.63 no limpian correctamente las claves privadas SSH-2 de la memoria, lo que permite a usuarios remotos obtener informaciĆ³n sensible mediante la lectura de la memoria.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-02-28 CVE Reserved
  • 2015-03-16 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
7.0
Search vendor "Debian" for product "Debian Linux" and version "7.0"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
20
Search vendor "Fedoraproject" for product "Fedora" and version "20"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
22
Search vendor "Fedoraproject" for product "Fedora" and version "22"
-
Affected
Opensuse
Search vendor "Opensuse"
Opensuse
Search vendor "Opensuse" for product "Opensuse"
13.1
Search vendor "Opensuse" for product "Opensuse" and version "13.1"
-
Affected
Opensuse
Search vendor "Opensuse"
Opensuse
Search vendor "Opensuse" for product "Opensuse"
13.2
Search vendor "Opensuse" for product "Opensuse" and version "13.2"
-
Affected
Putty
Search vendor "Putty"
Putty
Search vendor "Putty" for product "Putty"
0.51
Search vendor "Putty" for product "Putty" and version "0.51"
-
Affected
Putty
Search vendor "Putty"
Putty
Search vendor "Putty" for product "Putty"
0.52
Search vendor "Putty" for product "Putty" and version "0.52"
-
Affected
Putty
Search vendor "Putty"
Putty
Search vendor "Putty" for product "Putty"
0.53b
Search vendor "Putty" for product "Putty" and version "0.53b"
-
Affected
Putty
Search vendor "Putty"
Putty
Search vendor "Putty" for product "Putty"
0.54
Search vendor "Putty" for product "Putty" and version "0.54"
-
Affected
Putty
Search vendor "Putty"
Putty
Search vendor "Putty" for product "Putty"
0.55
Search vendor "Putty" for product "Putty" and version "0.55"
-
Affected
Putty
Search vendor "Putty"
Putty
Search vendor "Putty" for product "Putty"
0.56
Search vendor "Putty" for product "Putty" and version "0.56"
-
Affected
Putty
Search vendor "Putty"
Putty
Search vendor "Putty" for product "Putty"
0.57
Search vendor "Putty" for product "Putty" and version "0.57"
-
Affected
Putty
Search vendor "Putty"
Putty
Search vendor "Putty" for product "Putty"
0.58
Search vendor "Putty" for product "Putty" and version "0.58"
-
Affected
Putty
Search vendor "Putty"
Putty
Search vendor "Putty" for product "Putty"
0.59
Search vendor "Putty" for product "Putty" and version "0.59"
-
Affected
Putty
Search vendor "Putty"
Putty
Search vendor "Putty" for product "Putty"
0.60
Search vendor "Putty" for product "Putty" and version "0.60"
-
Affected
Putty
Search vendor "Putty"
Putty
Search vendor "Putty" for product "Putty"
0.61
Search vendor "Putty" for product "Putty" and version "0.61"
-
Affected
Putty
Search vendor "Putty"
Putty
Search vendor "Putty" for product "Putty"
0.62
Search vendor "Putty" for product "Putty" and version "0.62"
-
Affected
Putty
Search vendor "Putty"
Putty
Search vendor "Putty" for product "Putty"
0.63
Search vendor "Putty" for product "Putty" and version "0.63"
-
Affected
Simon Tatham
Search vendor "Simon Tatham"
Putty
Search vendor "Simon Tatham" for product "Putty"
0.53
Search vendor "Simon Tatham" for product "Putty" and version "0.53"
-
Affected