Skip to main content

Putty

24 CVEs product

Monthly

CVE-2026-48852 LOW PATCH Monitor

Assertion failure in ECDSA signature verification within PuTTY 0.71 through 0.83 allows a network-positioned attacker to crash the PuTTY client, producing a denial-of-service condition. The vulnerability (CWE-617: Reachable Assertion) carries a CVSS 3.7 Low score with no confidentiality or integrity impact - availability impact is limited to the client process itself. No public exploit code exists and no active exploitation has been identified; SSVC rates exploitation as none and the EPSS score of 0.04% (12th percentile) confirms minimal current exploitation probability.

Denial Of Service Putty
NVD VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-48851 LOW PATCH Monitor

PuTTY's trust sigil mechanism - the application icon displayed to distinguish legitimate remote TELNET output from locally-injected spoofed content - fails to reset trust state between proxy authentication and the start of the main TELNET session in versions 0.77 through 0.83. Under CWE-451 (UI Misrepresentation of Critical Information), an attacker positioned to control or influence a TELNET proxy could present deceptive terminal content to the user bearing the trusted indicator, achieving low-integrity impact by misleading the user about the source or authenticity of displayed data. No public exploit exists, EPSS is 0.03% (9th percentile), CISA SSVC rates exploitation as none, and the overall CVSS score is 3.1 (Low), reflecting high attack complexity and narrow real-world applicability.

Information Disclosure Putty
NVD VulDB
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-48850 LOW PATCH Monitor

Double free in PuTTY's RSA key exchange implementation affects versions 0.72 through 0.83, creating a memory corruption condition that can crash the client when connecting to a server that negotiates RSA KEX. The CVSS vector (AV:N/AC:H/PR:N/UI:N/A:L) reflects a network-reachable but high-complexity trigger with only limited availability impact, consistent with a difficult-to-reproduce crash rather than reliable code execution. No active exploitation is confirmed per CISA KEV, SSVC reports exploitation status as none, and EPSS sits at 0.04% (12th percentile), indicating low real-world exploitation pressure at time of analysis.

Information Disclosure Putty
NVD VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2023-48795 LIB MEDIUM POC PATCH THREAT This Month

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 53.6%.

Authentication Bypass Apache Node.js SSH Java +66
NVD GitHub
CVSS 3.1
5.9
EPSS
53.6%
Threat
4.3
CVE-2021-36367 HIGH This Week

PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Putty
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2021-33500 HIGH POC This Week

PuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) by telling the PuTTY window to change its title repeatedly at high speed, which results in many. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Putty
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-14002 MEDIUM This Month

PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Putty Oncommand Unified Manager Core Package Fedora
NVD
CVSS 3.1
5.9
EPSS
3.1%
CVE-2019-17069 HIGH This Week

PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Memory Corruption Putty Leap +1
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2019-17068 HIGH This Week

PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Putty Leap
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-17067 CRITICAL Act Now

PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same port to steal an incoming connection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Putty
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2019-9898 CRITICAL PATCH Act Now

Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Putty Fedora Debian Linux Leap +1
NVD
CVSS 3.0
9.8
EPSS
3.9%
CVE-2019-9897 HIGH PATCH This Week

Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Putty Fedora Debian Linux Oncommand Unified Manager +1
NVD
CVSS 3.0
7.5
EPSS
3.0%
CVE-2019-9896 HIGH This Week

In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Putty Backports Sle Leap
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2019-9895 CRITICAL Act Now

In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Putty Fedora
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2019-9894 HIGH PATCH This Week

A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Putty Fedora Debian Linux +2
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2017-6542 CRITICAL POC PATCH THREAT Act Now

The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.2%.

Buffer Overflow Putty Leap
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
22.2%
Threat
4.1
CVE-2016-6167 HIGH POC This Week

Multiple untrusted search path vulnerabilities in Putty beta 0.67 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) UxTheme.dll or (2) ntmarta.dll. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Putty
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2016-2563 CRITICAL POC PATCH THREAT Act Now

Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 28.6%.

Denial Of Service RCE Buffer Overflow Kitty Putty
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
28.6%
Threat
4.3
CVE-2015-5309 MEDIUM This Month

Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an ECH (erase. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service RCE Buffer Overflow Leap Opensuse +1
NVD
CVSS 2.0
4.3
EPSS
1.7%
CVE-2015-2157 LOW PATCH Monitor

The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Debian Linux Fedora Opensuse Putty
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-4852 MEDIUM This Month

Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service RCE Winscp Debian Linux +2
NVD
CVSS 2.0
6.8
EPSS
1.8%
CVE-2013-4208 LOW Monitor

The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Putty
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-4207 MEDIUM This Month

Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) via an invalid DSA signature that is not properly handled during computation of a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Putty
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-4206 MEDIUM PATCH This Month

Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) and possibly trigger memory corruption or code. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service RCE Putty
NVD
CVSS 2.0
6.8
EPSS
1.1%
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Assertion failure in ECDSA signature verification within PuTTY 0.71 through 0.83 allows a network-positioned attacker to crash the PuTTY client, producing a denial-of-service condition. The vulnerability (CWE-617: Reachable Assertion) carries a CVSS 3.7 Low score with no confidentiality or integrity impact - availability impact is limited to the client process itself. No public exploit code exists and no active exploitation has been identified; SSVC rates exploitation as none and the EPSS score of 0.04% (12th percentile) confirms minimal current exploitation probability.

Denial Of Service Putty
NVD VulDB
EPSS 0% CVSS 3.1
LOW PATCH Monitor

PuTTY's trust sigil mechanism - the application icon displayed to distinguish legitimate remote TELNET output from locally-injected spoofed content - fails to reset trust state between proxy authentication and the start of the main TELNET session in versions 0.77 through 0.83. Under CWE-451 (UI Misrepresentation of Critical Information), an attacker positioned to control or influence a TELNET proxy could present deceptive terminal content to the user bearing the trusted indicator, achieving low-integrity impact by misleading the user about the source or authenticity of displayed data. No public exploit exists, EPSS is 0.03% (9th percentile), CISA SSVC rates exploitation as none, and the overall CVSS score is 3.1 (Low), reflecting high attack complexity and narrow real-world applicability.

Information Disclosure Putty
NVD VulDB
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Double free in PuTTY's RSA key exchange implementation affects versions 0.72 through 0.83, creating a memory corruption condition that can crash the client when connecting to a server that negotiates RSA KEX. The CVSS vector (AV:N/AC:H/PR:N/UI:N/A:L) reflects a network-reachable but high-complexity trigger with only limited availability impact, consistent with a difficult-to-reproduce crash rather than reliable code execution. No active exploitation is confirmed per CISA KEV, SSVC reports exploitation status as none, and EPSS sits at 0.04% (12th percentile), indicating low real-world exploitation pressure at time of analysis.

Information Disclosure Putty
NVD VulDB
EPSS 54% 4.3 CVSS 5.9
MEDIUM POC PATCH THREAT This Month

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 53.6%.

Authentication Bypass Apache Node.js +68
NVD GitHub
EPSS 1% CVSS 8.1
HIGH This Week

PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Putty
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

PuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) by telling the PuTTY window to change its title repeatedly at high speed, which results in many. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Putty
NVD GitHub
EPSS 3% CVSS 5.9
MEDIUM This Month

PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Putty Oncommand Unified Manager Core Package +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Memory Corruption +3
NVD
EPSS 2% CVSS 7.5
HIGH This Week

PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Putty Leap
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same port to steal an incoming connection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Putty
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Putty Fedora +3
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Putty Fedora +3
NVD
EPSS 1% CVSS 7.8
HIGH This Week

In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Putty +2
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Putty Fedora
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Putty +4
NVD
EPSS 22% 4.1 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.2%.

Buffer Overflow Putty Leap
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH POC This Week

Multiple untrusted search path vulnerabilities in Putty beta 0.67 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) UxTheme.dll or (2) ntmarta.dll. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Putty
NVD
EPSS 29% 4.3 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 28.6%.

Denial Of Service RCE Buffer Overflow +2
NVD GitHub Exploit-DB
EPSS 2% CVSS 4.3
MEDIUM This Month

Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an ECH (erase. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service RCE Buffer Overflow +3
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Debian Linux Fedora +2
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service RCE +4
NVD
EPSS 0% CVSS 2.1
LOW Monitor

The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Putty
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) via an invalid DSA signature that is not properly handled during computation of a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Putty
NVD
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) and possibly trigger memory corruption or code. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service RCE +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy