CVE-2013-4208

Publication date 19 August 2013

Last updated 24 July 2024


Ubuntu priority

The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow local users to discover private RSA and DSA keys.

Status

No maintained releases are affected by this CVE.

Package Ubuntu Release Status
putty 13.04 raring
Fixed 0.62-10ubuntu0.1
12.10 quantal
Fixed 0.62-9ubuntu0.1
12.04 LTS precise
Fixed 0.62-6ubuntu0.1
10.04 LTS lucid Ignored end of life