The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow local users to discover private RSA and DSA keys.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2013-08-19T23:00:00
Updated: 2013-08-30T09:00:00
Reserved: 2013-06-12T00:00:00
Link: CVE-2013-4208
JSON object: View
NVD Information
Status : Analyzed
Published: 2013-08-19T23:55:08.833
Modified: 2019-03-21T17:04:58.200
Link: CVE-2013-4208
JSON object: View
Redhat Information
No data.
CWE