Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) and possibly trigger memory corruption or code execution via a crafted DSA signature, which is not properly handled when performing certain bit-shifting operations during modular multiplication.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PuTTY ’modmul()‘函数缓冲区数据不足漏洞
Vulnerability Description
PuTTY是软件开发者Simon Tatham所研发的一套免费的Telnet、Rlogin和SSH客户端软件。该软件主要用于对Linux系统进行远程管理。 PuTTY 0.62及之前版本中的sshbn.c文件中的‘modmul’函数中存在基于堆的缓冲区溢出漏洞。该漏洞源于在模乘运算期间执行数位偏移操作时,程序没有正确地处理DSA签名。远程SSH服务器端的攻击者可借助特制的DSA签名,利用该漏洞导致拒绝服务(崩溃)并有可能触发内存破坏或者代码执行。
CVSS Information
N/A
Vulnerability Type
N/A