From d717f86238e1365808cc0fd0de4a5b62b049c028 Mon Sep 17 00:00:00 2001
From: Joe Testa <jtesta@positronsecurity.com>
Date: Fri, 3 Jul 2020 15:07:34 -0400
Subject: [PATCH] Added check for use-after-free vulnerability in PuTTY v0.73.

---
 README.md    | 1 +
 ssh-audit.py | 1 +
 2 files changed, 2 insertions(+)

diff --git a/README.md b/README.md
index 12b8d03..c53fb5b 100644
--- a/README.md
+++ b/README.md
@@ -78,6 +78,7 @@ $ brew install ssh-audit
  - 1024-bit moduli upgraded from warnings to failures.
  - Many Python 2 code clean-ups, testing framework improvements, pylint & flake8 fixes, and mypy type comments; credit [Jürgen Gmach](https://github.com/jugmac00)).
  - Suppress recommendation of token host key types.
+ - Added check for use-after-free vulnerability in PuTTY v0.73.
  - Added 2 new host key types: `ssh-rsa1`, `ssh-dss-sha256@ssh.com`.
  - Added 1 new key exchange: `diffie-hellman-group1-sha256`.
  - Added 5 new ciphers: `blowfish`, `AEAD_AES_128_GCM`, `AEAD_AES_256_GCM`, `crypticore128@ssh.com`, `seed-cbc@ssh.com`.
diff --git a/ssh-audit.py b/ssh-audit.py
index c51241f..d0a7fa5 100755
--- a/ssh-audit.py
+++ b/ssh-audit.py
@@ -2191,6 +2191,7 @@ class SSH:  # pylint: disable=too-few-public-methods
                 ['1.2.3',   '2.1.1',   1, 'CVE-2001-0361',  4.0, 'recover plaintext from ciphertext'],
                 ['1.2',     '2.1',     1, 'CVE-2000-0525', 10.0, 'execute arbitrary code (improper privileges)']],
             'PuTTY': [
+                ['0.54', '0.73', 2, 'CVE-2020-XXXX', 5.0, 'out of bounds memory read'],
                 ['0.0', '0.72', 2, 'CVE-2019-17069', 5.0, 'potential DOS by remote SSHv1 server'],
                 ['0.71', '0.72', 2, 'CVE-2019-17068', 5.0, 'xterm bracketed paste mode command injection'],
                 ['0.52', '0.72', 2, 'CVE-2019-17067', 7.5, 'port rebinding weakness in port forward tunnel handling'],