{"id":"CVE-2020-14002","details":"PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client).","modified":"2026-04-16T04:44:19.562357016Z","published":"2020-06-29T18:15:11.767Z","references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26TACCSQYYCPWAJYNAUIXJGZ5RGORJZV/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JPV4A77EDCT4BTFO5BE26ZH72BG4E5IJ/"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html"},{"type":"ADVISORY","url":"https://lists.tartarus.org/pipermail/putty-announce/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20200717-0003/"},{"type":"ADVISORY","url":"https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html"},{"type":"ADVISORY","url":"https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0.68"},{"last_affected":"0.73"}]},{"events":[{"introduced":"0"},{"last_affected":"31"}]},{"events":[{"introduced":"0"},{"last_affected":"32"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-14002.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}