PuTTY vulnerability vuln-ssh1-buffer-length-underflow



summary: Vulnerability: integer underflow parsing SSH-1 packet length
class: vulnerability: This is a security vulnerability.
difficulty: fun: Just needs tuits, and not many of them.
priority: high: This should be fixed in the next release.
present-in: 0.43 0.44 0.45 0.46 0.47 0.48 0.49 0.50 0.51 0.52 0.53 0.53b 0.54 0.55 0.56 0.57 0.58 0.59 0.60 0.61 0.62 0.63 0.64 0.65 0.66 0.67 0.68 0.69 0.70 0.71
fixed-in: 031537092643956d4e1dd7b061fe920086fff7b7 (0.72)

All versions of the PuTTY suite prior to 0.72 have an integer underflow bug in the SSH-1 binary packet protocol, which might lead to a security vulnerability.

The packet length field in an SSH-1 packet takes a value which is 5 more than the number of actual data bytes in the packet. If the server sent a value less than 5, PuTTY's SSH-1 BPP code did not check it.

The resulting behaviour can vary between 32- and 64-bit builds of PuTTY, and possibly also between Linux and Windows. Possibilities include: trying to allocate 2^32 bytes of memory and terminating the program when that fails; trying to allocate 2^32 bytes of memory and consuming excessive OS resources when that succeeds; or passing a negative packet length to the rest of the code, with further unpredictable results.
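The header arithmetic described above, as an added example that is not PuTTY's own code: the SSH-1 length field covers the 1-byte packet type, the payload and the 4-byte CRC, so the unchecked subtraction of 5 wraps in unsigned arithmetic for any field value below 5, while the checked variant rejects such a header before any allocation is sized from it. Function names and the sample headers are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not PuTTY code. SSH-1 header: 4-byte big-endian length field
 * = type byte + payload + 4-byte CRC, so payload bytes = length - 5, and the
 * padding preceding the type byte is 8 - (length % 8). */

#define SSH1_LENGTH_OVERHEAD 5u   /* type byte + 4-byte CRC */

/* Unchecked version: reproduces the defect. A field value below 5 wraps
 * around in 32-bit unsigned arithmetic to a value close to 2^32. */
uint32_t ssh1_payload_len_unchecked(uint32_t length_field)
{
    return length_field - SSH1_LENGTH_OVERHEAD;
}

/* Checked version: refuses any length field too small to hold the mandatory
 * type byte and CRC. Returns 0 on success, -1 on a malformed header. */
int ssh1_payload_len_checked(uint32_t length_field, uint32_t *payload_len,
                             uint32_t *padding_len)
{
    if (length_field < SSH1_LENGTH_OVERHEAD)
        return -1;
    *payload_len = length_field - SSH1_LENGTH_OVERHEAD;
    *padding_len = 8 - (length_field % 8);
    return 0;
}

/* Decode the big-endian length field from the first 4 bytes of a packet. */
uint32_t ssh1_read_length_field(const unsigned char *hdr)
{
    return ((uint32_t)hdr[0] << 24) | ((uint32_t)hdr[1] << 16) |
           ((uint32_t)hdr[2] << 8) | (uint32_t)hdr[3];
}

int main(void)
{
    /* Constructed headers: length 9 (4 payload bytes) and length 3 (< 5). */
    const unsigned char good[4] = {0, 0, 0, 9}, bad[4] = {0, 0, 0, 3};
    uint32_t payload = 0, padding = 0;
    uint32_t g = ssh1_read_length_field(good), b = ssh1_read_length_field(bad);

    ssh1_payload_len_checked(g, &payload, &padding);
    printf("length %u: payload %u, padding %u\n", g, payload, padding);
    printf("length %u unchecked: %u bytes\n", b, ssh1_payload_len_unchecked(b));
    printf("length %u checked: %s\n", b,
           ssh1_payload_len_checked(b, &payload, &padding) ? "rejected" : "ok");
    return 0;
}
```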

The bug can occur before host key verification, because the length field is the same in all packets, encrypted or not. So in any situation where a bad effect can be caused by this bug, a network attacker intercepting your connection could cause the bad effect before being detected as not the real server.

This bug only affects the obsolete SSH-1 protocol, which is rarely used. In PuTTY 0.68 and later, we no longer support automatic fallback to SSH-1 from SSH-2, so any saved session configured to the default of SSH-2 will not be vulnerable to this issue.

This vulnerability was found as part of a bug bounty programme run under the auspices of the EU-FOSSA project.


(last revision of this bug record was at 2019-07-25 20:22:27 +0100)