mirror of
https://github.com/jtesta/ssh-audit.git
synced 2024-12-22 14:05:22 +01:00
Added check for use-after-free vulnerability in PuTTY v0.73.
parent
bf1fbbfa43
commit
d717f86238
@ -78,6 +78,7 @@ $ brew install ssh-audit
|
||||
- 1024-bit moduli upgraded from warnings to failures.
|
||||
- Many Python 2 code clean-ups, testing framework improvements, pylint & flake8 fixes, and mypy type comments; credit [Jürgen Gmach](https://github.com/jugmac00)).
|
||||
- Suppress recommendation of token host key types.
|
||||
- Added check for use-after-free vulnerability in PuTTY v0.73.
|
||||
- Added 2 new host key types: `ssh-rsa1`, `ssh-dss-sha256@ssh.com`.
|
||||
- Added 1 new key exchange: `diffie-hellman-group1-sha256`.
|
||||
- Added 5 new ciphers: `blowfish`, `AEAD_AES_128_GCM`, `AEAD_AES_256_GCM`, `crypticore128@ssh.com`, `seed-cbc@ssh.com`.
|
||||
|
@ -2191,6 +2191,7 @@ class SSH: # pylint: disable=too-few-public-methods
|
||||
['1.2.3', '2.1.1', 1, 'CVE-2001-0361', 4.0, 'recover plaintext from ciphertext'],
|
||||
['1.2', '2.1', 1, 'CVE-2000-0525', 10.0, 'execute arbitrary code (improper privileges)']],
|
||||
'PuTTY': [
|
||||
['0.54', '0.73', 2, 'CVE-2020-XXXX', 5.0, 'out of bounds memory read'],
|
||||
['0.0', '0.72', 2, 'CVE-2019-17069', 5.0, 'potential DOS by remote SSHv1 server'],
|
||||
['0.71', '0.72', 2, 'CVE-2019-17068', 5.0, 'xterm bracketed paste mode command injection'],
|
||||
['0.52', '0.72', 2, 'CVE-2019-17067', 7.5, 'port rebinding weakness in port forward tunnel handling'],
|
||||
|
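Review bot: The new PuTTY row `['0.54', '0.73', 2, 'CVE-2020-XXXX', 5.0, 'out of bounds memory read']` (presumably the added line, since the +/- markers are lost on this page) describes an out-of-bounds read, while the commit title and the README entry both call the issue a use-after-free. One of the two should be corrected so that audit output matches what the changelog announces. `CVE-2020-XXXX` is a placeholder that will be reported to users in the same column as real CVE ids, and the 5.0 score next to it looks provisional as well. A comment above the row such as `# TODO: placeholder id and score; replace once a CVE is assigned` would keep it from being forgotten. The surrounding list starts and ends outside the hunk, so how the rows are matched against a detected version cannot be checked from here.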