Vulnerability Database
296,733
Total vulnerabilities in the database
CVE-2015-2157
The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory.
| Software | From | Fixed in |
|---|---|---|
| fedoraproject / fedora | 22 | 22.x |
| debian / debian_linux | 7.0 | 7.0.x |
| fedoraproject / fedora | 20 | 20.x |
| opensuse / opensuse | 13.1 | 13.1.x |
| opensuse / opensuse | 13.2 | 13.2.x |
| putty / putty | 0.51 | 0.51.x |
| simon_tatham / putty | 0.53 | 0.53.x |
| putty / putty | 0.55 | 0.55.x |
| putty / putty | 0.53b | 0.53b.x |
| putty / putty | 0.52 | 0.52.x |
| putty / putty | 0.54 | 0.54.x |
| putty / putty | 0.56 | 0.56.x |
| putty / putty | 0.57 | 0.57.x |
| putty / putty | 0.58 | 0.58.x |
| putty / putty | 0.59 | 0.59.x |
| putty / putty | 0.60 | 0.60.x |
| putty / putty | 0.61 | 0.61.x |
| putty / putty | 0.62 | 0.62.x |
| putty / putty | 0.63 | 0.63.x |
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151790.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151839.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151933.html
- http://lists.opensuse.org/opensuse-updates/2015-03/msg00032.html
- http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
- http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html
- http://www.debian.org/security/2015/dsa-3190
- http://www.openwall.com/lists/oss-security/2015/02/28/4
- http://www.openwall.com/lists/oss-security/2015/02/28/5
- http://www.securityfocus.com/bid/72825
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime