PuTTY bug ssh1-disconnect-use-after-free
Home
|
FAQ
|
Feedback
|
Licence
|
Updates
|
Mirrors
|
Keys
|
Links
|
Team
Download:
Stable
·
Snapshot
|
Docs
|
Changes
|
Wishlist
summary: Use-after-free bug when processing SSH-1 disconnect message
class: bug: This is clearly an actual problem we want fixed.
difficulty: fun: Just needs tuits, and not many of them.
priority: high: This should be fixed in the next release.
present-in: 0.72
fixed-in: 0.73 69201ad8936fe0ff1b8723b7a43accb5e9f1c888
If an SSH-1 server sends PuTTY a disconnection message (that is,
message type 1, SSH_MSG_DISCONNECT
), PuTTY would access
an already-freed pointer to a linked list of packets in the course of
handling it.
We don't know if this memory fault had any exploitable security
impact. It has been assigned CVE-2019-17069.
It is fixed in 0.73.
If you want to comment on this web site, see the
Feedback page.
(last revision of this bug record was at 2020-01-11 15:06:43 +0000)