putty
Consumer Software | oss-project
Latest CVEs
The 15 most recently published vulnerabilities affecting putty.
- CVE-2026-48852: PuTTY 0.71 before 0.84 has an assertion failure in ECDSA signature verification. (score 3.7)
- CVE-2026-48851: PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session. (score 3.1)
- CVE-2026-48850: PuTTY 0.72 before 0.84 has a double free in RSA KEX. (score 3.7)
- CVE-2026-4115: PuTTY Ed25519 Signature ecc-ssh.c eddsa_verify signature verification (score 3.7)
- CVE-2024-31497: In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especia... (score 5.9)
- CVE-2023-48795: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (fr... (score 5.9)
- CVE-2021-36367: PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a... (score 8.1)
- CVE-2021-33500: PuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) by telling the PuTTY window to change its title repeatedly at high speed, which results in many Se... (score 7.5)
- CVE-2020-14002: PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (whe... (score 5.9)
- CVE-2019-17067: PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same port to steal an incoming connection. (score 9.8)
- CVE-2019-17068: PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content. (score 7.5)
- CVE-2019-17069: PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message. (score 7.5)
- CVE-2019-9898: Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. (score 9.8)
- CVE-2019-9897: Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71. (score 7.5)
- CVE-2019-9896: In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable. (score 7.8)