#VU42656 Division by zero in PuTTY - CVE-2013-4207


| Updated: 2022-10-31

Vulnerability identifier: #VU42656

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2013-4207

CWE-ID: CWE-369

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
PuTTY
Client/Desktop applications / Software for system administration

Vendor: Simon Tatham

Description

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a division by zero error within . A remote attacker can pass specially crafted data to the application and crash it.

Mitigation
Install update from vendor's website.

Vulnerable software versions

PuTTY: 0.45 - 0.61

External links
https://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html
https://secunia.com/advisories/54379
https://secunia.com/advisories/54533
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-bignum-division-by-zero.html
https://www.debian.org/security/2013/dsa-2736
https://www.openwall.com/lists/oss-security/2013/08/06/11

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Gentoo update for FileZilla
Multiple vulnerabilities in PuTTY