{"id":"MGASA-2013-0242","summary":"Updated putty and filezilla packages fixes security vulnerability","details":"PuTTY versions 0.62 and earlier - as well as all software that\nintegrates these versions of PuTTY - are vulnerable to an integer\noverflow leading to heap overflow during the SSH handshake before\nauthentication, caused by improper bounds checking of the length\nparameter received from the SSH server. This allows remote attackers\nto cause denial of service, and may have more severe impact on the\noperation of software that uses PuTTY code (CVE-2013-4852).\n\nPuTTY versions 0.62 and earlier - as well as all software that\nintegrates these versions of PuTTY - are vulnerable to a heap-corrupting\nbuffer underrun bug in the modmul function which performs modular\nmultiplication (CVE-2013-4206).\n\nPuTTY versions 0.62 and earlier - as well as all software that\nintegrates these versions of PuTTY - are vulnerable to a buffer overflow\nvulnerability in the calculation of modular inverses when verifying a\nDSA signature (CVE-2013-4207).\n\nPuTTY versions 0.62 and earlier - as well as all software that\nintegrates these versions of PuTTY - are vulnerable to private keys left\nin memory after being used by PuTTY tools (CVE-2013-4208).\n","modified":"2026-02-04T02:57:26.232876Z","published":"2013-08-09T17:38:37Z","related":["CVE-2013-4206","CVE-2013-4207","CVE-2013-4208","CVE-2013-4852"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2013-0242.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=10925"},{"type":"REPORT","url":"http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-modmul.html"},{"type":"REPORT","url":"http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-bignum-division-by-zero.html"},{"type":"REPORT","url":"http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped.html"},{"type":"REPORT","url":"http://www.openwall.com/lists/oss-security/2013/08/06/13"},{"type":"REPORT","url":"http://www.search-lab.hu/advisories/secadv-20130722"}],"affected":[{"package":{"name":"putty","ecosystem":"Mageia:2","purl":"pkg:rpm/mageia/putty?arch=source&distro=mageia-2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.63-1.mga2"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0242.json"}},{"package":{"name":"filezilla","ecosystem":"Mageia:2","purl":"pkg:rpm/mageia/filezilla?arch=source&distro=mageia-2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.7.3-1.mga2"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0242.json"}},{"package":{"name":"putty","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/putty?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.63-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0242.json"}},{"package":{"name":"filezilla","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/filezilla?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.7.3-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0242.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}