CVE-2013-4208 (retired)

Priority
Description
The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive
process memory after use and (2) does not free certain structures
containing sensitive process memory, which might allow local users to
discover private RSA and DSA keys.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4208
Private keys left in memory after being used by PuTTY tools
Package
Source: putty (LP Ubuntu Debian)
Upstream:released (0.63)
More Information

Updated: 2019-09-19 15:45:20 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)