VIR Vulnerability Intelligence Relay

CVE-2013-4206

medium
Published 2013-08-19 · Modified 2026-04-29
CVSS v3
CVSS v2
6.8
VIR risk
6.8

Description

Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) and possibly trigger memory corruption or code execution via a crafted DSA signature, which is not properly handled when performing certain bit-shifting operations during modular multiplication.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2013-4206

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-modmul.html

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://svn.tartarus.org/sgt/putty/sshbn.c?sortby=date&r1=9977&r2=9976&pathrev=9977

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://secunia.com/advisories/54379

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed3.7.3-1
debian debianbullseyefixed3.7.3-1
debian debianforkyfixed3.7.3-1
debian debiansidfixed3.7.3-1
debian debiantrixiefixed3.7.3-1

Application impact
VendorProductVersionsFixed
puttyputty0.45
puttyputty0.46
puttyputty0.47
puttyputty0.48
puttyputty0.49
puttyputty0.50
puttyputty0.51
puttyputty0.52
puttyputty0.53b
puttyputty0.54
puttyputty0.55
puttyputty0.56
puttyputty0.57
puttyputty0.58
puttyputty0.59
puttyputty0.60
puttyputty0.61
puttyputty2010-06-01
simon_tathamputty{"endIncluding":"0.62"}
simon_tathamputty0.53

References

CWEs

CWE-119

Verify integrity in audit chain (admin only). AS-IS.