Vulnerability Details CVE-2021-33500
PuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) by telling the PuTTY window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. NOTE: the same attack methodology may affect some OS-level GUIs on Linux or other platforms for similar reasons.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.1%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://docs.ssh-mitm.at/puttydos.html
- https://github.com/ssh-mitm/ssh-mitm-plugins/blob/main/ssh_mitm_plugins/ssh/putty_dos.py
- https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
- https://docs.ssh-mitm.at/puttydos.html
- https://github.com/ssh-mitm/ssh-mitm-plugins/blob/main/ssh_mitm_plugins/ssh/putty_dos.py
- https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
Products affected by CVE-2021-33500
-
cpe:2.3:a:putty:putty:-
-
cpe:2.3:a:putty:putty:0.45
-
cpe:2.3:a:putty:putty:0.46
-
cpe:2.3:a:putty:putty:0.47
-
cpe:2.3:a:putty:putty:0.48
-
cpe:2.3:a:putty:putty:0.49
-
cpe:2.3:a:putty:putty:0.50
-
cpe:2.3:a:putty:putty:0.51
-
cpe:2.3:a:putty:putty:0.52
-
cpe:2.3:a:putty:putty:0.53
-
cpe:2.3:a:putty:putty:0.53b
-
cpe:2.3:a:putty:putty:0.54
-
cpe:2.3:a:putty:putty:0.55
-
cpe:2.3:a:putty:putty:0.56
-
cpe:2.3:a:putty:putty:0.57
-
cpe:2.3:a:putty:putty:0.58
-
cpe:2.3:a:putty:putty:0.59
-
cpe:2.3:a:putty:putty:0.60
-
cpe:2.3:a:putty:putty:0.61
-
cpe:2.3:a:putty:putty:0.62
-
cpe:2.3:a:putty:putty:0.63
-
cpe:2.3:a:putty:putty:0.65
-
cpe:2.3:a:putty:putty:0.66
-
cpe:2.3:a:putty:putty:0.67
-
cpe:2.3:a:putty:putty:0.68
-
cpe:2.3:a:putty:putty:0.69
-
cpe:2.3:a:putty:putty:0.70
-
cpe:2.3:a:putty:putty:0.71
-
cpe:2.3:a:putty:putty:0.72
-
cpe:2.3:a:putty:putty:0.73
-
cpe:2.3:a:putty:putty:0.74
-
cpe:2.3:o:microsoft:windows:-