一、 漏洞 CVE-2024-31497 基础信息
漏洞信息
# N/A
N/A
提示
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
漏洞描述信息
CVSS信息
漏洞类别
漏洞标题
漏洞描述信息
CVSS信息
漏洞类别
二、漏洞 CVE-2024-31497 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | A script designed to uncover vulnerabilities in Putty by exploiting CVE-2024-31497. | https://github.com/sh1k4ku/CVE-2024-31497 | POC详情 |
| 2 | None | https://github.com/edutko/cve-2024-31497 | POC详情 |
| 3 | Proof Of Concept that exploits PuTTy CVE-2024-31497. | https://github.com/HugoBond/CVE-2024-31497-POC | POC详情 |
三、漏洞 CVE-2024-31497 的情报信息
- https://filezilla-project.org/versions.php
- https://securityonline.info/cve-2024-31497-critical-putty-vulnerability-exposes-private-keys-immediate-action-required/
- https://twitter.com/CCBalert/status/1780229237569470549
- https://www.bleepingcomputer.com/news/security/putty-ssh-client-flaw-allows-recovery-of-cryptographic-private-keys/
- https://github.com/daedalus/BreakingECDSAwithLLL
- https://www.reddit.com/r/sysadmin/comments/1c4wmoj/putty_vulnerability_affecting_v068_to_v08/
- https://git.tartarus.org/?h=c193fe9848f50a88a4089aac647fecc31ae96d27&p=simon/putty.git
- https://twitter.com/lambdafu/status/1779969509522133272
- https://security-tracker.debian.org/tracker/CVE-2024-31497
- https://bugzilla.suse.com/show_bug.cgi?id=1222864
- https://github.com/advisories/GHSA-6p4c-r453-8743
-
标题: PuTTY Change Log -- 🔗来源链接
标签:
-
标题: PuTTY vulnerability vuln-p521-bias -- 🔗来源链接
标签:
-
标题: oss-security - CVE-2024-31497: Secret Key Recovery of NIST P-521 Private Keys Through Biased ECDSA Nonces in PuTTY Client -- 🔗来源链接
标签:
- https://tartarus.org/~simon/putty-snapshots/htmldoc/Chapter9.html#pageant-forward
- https://docs.ccv.brown.edu/oscar/connecting-to-oscar/ssh/ssh-agent-forwarding/key-generation-and-agent-forwarding-with-putty
- https://news.ycombinator.com/item?id=40044665
-
标题: News :: WinSCP -- 🔗来源链接
标签:
- https://tortoisegit.org
- https://bugzilla.redhat.com/show_bug.cgi?id=2275183
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMJH7M663BVO3SY6MFAW2FAZWLLXAPRQ/ vendor-advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMHILY2K7HQGQRHOC375KRRG2M6625RD/ vendor-advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZS3B37GNGWOOV7QU7B7JFK76U4TOP4V/ vendor-advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WFDZBV7ZCAZ6AH3VCQ34SSY7L3J7VZXZ/ vendor-advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PUOTQVGC4DISVHQGSPUYGXO6TLDK65LA/ vendor-advisory
- https://lists.debian.org/debian-lts-announce/2024/06/msg00014.html mailing-list
- http://www.openwall.com/lists/oss-security/2024/04/15/6 mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2024-31497
四、漏洞 CVE-2024-31497 的评论
暂无评论