CVE-2011-4607

PuTTY 0.59 through 0.61 does not clear sensitive process memory when managing user replies that occur during keyboard-interactive authentication, which might allow local users to read login passwords by obtaining access to the process' memory.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
VendorProductVersion
puttyputty
0.59
puttyputty
0.60
puttyputty
0.61
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
putty
bullseye
0.74-1+deb11u2
fixed
bullseye (security)
0.74-1+deb11u1
fixed
bookworm
0.78-2+deb12u2
fixed
bookworm (security)
0.78-2+deb12u1
fixed
sid
0.81-3
fixed
trixie
0.81-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
putty
raring
not-affected
quantal
not-affected
precise
not-affected
oneiric
ignored
natty
ignored
maverick
ignored
lucid
ignored
hardy
ignored
Common Weakness Enumeration
References
http://seclists.org/oss-sec/2011/q4/499
http://seclists.org/oss-sec/2011/q4/500
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/password-not-wiped.html
http://seclists.org/oss-sec/2011/q4/499
http://seclists.org/oss-sec/2011/q4/500
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/password-not-wiped.html