SSH: PuTTY SSH Client RSA Key Exchange Integer Overflow

An integer overflow vulnerability has been reported in the PuTTY SSH client. The vulnerability is due to improper handling of overly short RSA keys during the RSA key exchange. A remote, unauthenticated attacker could exploit this vulnerability by enticing a targeted user to connect to a malicious SSH server. Successful exploitation could result in denial-of-service conditions or, in the worst case, arbitrary code execution.

Extended Description

A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.

Affected Products

Putty putty

References

CVE: CVE-2019-9894

Short Name
SSH:OVERFLOW:PUTTY-INT-OF
Severity
Major
Recommended
True
Recommended Action
Drop
Category
SSH
Keywords
CVE-2019-9894 Client Exchange Integer Key Overflow PuTTY RSA SSH
Release Date
06/07/2019
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3

Sigpack Version
3590
False Positive
Unknown
Vendors
Opensuse
Putty
Fedoraproject
Netapp
Debian
CVSS Score
6.4
