PuTTY versions 0.71 through 0.83 contain a reachable assertion (CWE-617) in ECDSA signature verification that a remote peer can trigger by presenting a malformed ECDSA signature during SSH authentication or key exchange. The effect is a denial of service: the failed assertion aborts the PuTTY client or server process. The vuln [truncated]
PuTTY 0.77 through 0.83 fails to clear the trust indicator (the PuTTY icon shown beside output that genuinely originates from PuTTY itself) between proxy authentication and the main TELNET session. Because the icon persists into the TELNET phase, data from the remote end can appear under the indicator reserved for trusted output, misleading the user about its origin. This UI state management issue (CWE-451, UI misrepresentation of critical information) could lead users to trust untrusted content. The vulnerability is rated L [truncated]
PuTTY versions 0.72 through 0.83 contain a double free (CWE-415) in RSA key exchange (RSA KEX): the same memory block is freed twice during the cryptographic handshake. This vulnerability was disclosed on 2026-05-25 and carries a LOW severity CVSS 3.1 score of 3.7 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L), indicating a network attack vector with high attack [truncated]
PuTTY 0.83's Ed25519 signature verification (eddsa_verify in crypto/ecc-ssh.c) does not properly validate signatures before accepting them: the issue is signature malleability, where a non-canonical encoding of an otherwise valid signature may also be accepted. The CVSS 4.0 score of 2.9 (LOW) reflects high attack complexity and difficult exploitability. The vulnerability was published March 22, 2026 and last modified April 3 [truncated]
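The best-known form of Ed25519 signature malleability, and the one RFC 8032 section 5.1.7 requires verifiers to reject, is an S value at or above the group order L: since [L]B is the identity, R || S and R || (S + L) satisfy the same verification equation, so a verifier that omits the range check accepts two encodings of one signature. Whether that is the exact form behind the entry above is not stated on the page. The following is an added example, not PuTTY's code and not its fix; it implements only the range check and the malleation that defeats its absence, using the RFC 8032 section 7.1 test 1 signature as input. The group-equation check is not implemented; check_before_verify takes it as a caller-supplied callable, and all function names are this example's own.

```python
# Added example (not PuTTY code): the canonical-range check on the S half of an
# Ed25519 signature, as required by RFC 8032 section 5.1.7. The group-equation
# verification ([S]B == R + [k]A) is NOT implemented here; it is assumed to be
# supplied by a library and is passed in as a callable.
from typing import Callable, Tuple

# Order of the Ed25519 base point (RFC 8032 section 5.1).
L = 2**252 + 27742317777372353535851937790883648493

# RFC 8032 section 7.1, test 1: signature over the empty message.
RFC8032_TEST1_SIG = bytes.fromhex(
    "e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e06522490155"
    "5fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b"
)


def split_signature(sig: bytes) -> Tuple[bytes, int]:
    """Split a 64-byte Ed25519 signature into the R encoding and S as an integer.

    S is the second 32 bytes, little-endian (RFC 8032 section 5.1.6).
    """
    if len(sig) != 64:
        raise ValueError("Ed25519 signature must be exactly 64 bytes")
    return sig[:32], int.from_bytes(sig[32:], "little")


def s_is_canonical(sig: bytes) -> bool:
    """True iff 0 <= S < L.

    [S + L]B == [S]B because [L]B is the identity, so without this test a
    verifier accepts more than one encoding of the same signature.
    """
    _, s = split_signature(sig)
    return s < L


def malleate(sig: bytes) -> bytes:
    """Return R || (S + L), the alternative encoding a verifier without the
    range check would also accept. S + L always fits in 32 bytes when the
    input S is canonical (S + L < 2**254); the guard covers other inputs.
    """
    r, s = split_signature(sig)
    s_alt = s + L
    if s_alt >= 2**256:
        raise ValueError("S + L does not fit in 32 bytes")
    return r + s_alt.to_bytes(32, "little")


def check_before_verify(sig: bytes, group_equation_ok: Callable[[bytes], bool]) -> bool:
    """Gate the (hypothetical, caller-supplied) group-equation check behind the
    range check, so a non-canonical S is rejected even if the equation holds.
    """
    return s_is_canonical(sig) and group_equation_ok(sig)


if __name__ == "__main__":
    forged = malleate(RFC8032_TEST1_SIG)
    print("original S canonical:", s_is_canonical(RFC8032_TEST1_SIG))
    print("malleated S canonical:", s_is_canonical(forged))
    print("same R, S differs by L:",
          forged[:32] == RFC8032_TEST1_SIG[:32]
          and split_signature(forged)[1] - split_signature(RFC8032_TEST1_SIG)[1] == L)
```

The order matters: the range check runs first and is a plain integer comparison, so it costs nothing relative to the point arithmetic and cannot be bypassed by a signature that merely satisfies the group equation.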
CVE-2016-6167 describes an untrusted search path issue in PuTTY beta 0.67. According to the NVD record, a local attacker can abuse a Trojan horse UxTheme.dll or ntmarta.dll placed in the current working directory to trigger DLL hijacking and arbitrary code execution. The issue is rated High (CVSS 7.8) and maps to CWE-426.