Ce mail provient de l'extérieur, restons vigilants

======================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN552
_____________________________________________________________________

DATE                : 28/05/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running PuTTY versions prior to 0.84.

=====================================================================
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/rsakex-double-free.html
https://lists.tartarus.org/pipermail/putty-announce/2026/000042.html
_____________________________________________________________________

summary: Server can provoke a double free in RSA KEX code
class: vulnerability: This is a security vulnerability.
absent-in: 7a49ff9ac1f65944434176251b0bfea9fcc44636
present-in: 6d7a6d47e68e8368216f3ab1a0d071db32d20a11 0.72 0.73 0.74 0.75 0.76 0.77 0.78 0.79 0.80 0.81 0.82 0.83
fixed-in: ba3ed53e0bf6682f89940bc2c3e83da6b1524024 (0.84)

PuTTY's implementation of the little-used RSA kex exchange method
(RFC 4432) has a double-free bug: in some situations it frees an RSA
key by calling the special-purpose function ssh_rsakex_freekey and
then also calling the normal free function on the outermost struct,
which is wrong, because ssh_rsakex_freekey already freed the whole
struct.

This bug does not happen if RSA kex completes normally. The
double-free only occurs on an error handling path, triggered if the
key sent by the server is unexpectedly short.

This bug allows a server to provoke the double-free on purpose,
because it can present only RSA kex as an option in its KEXINIT,
and then deliberately send a short key. Since it happens before
host key verification, a MITM can do the same. Therefore, this
bug is listed as a vulnerability, since it's a remote-triggerable
crash. However, we don't know of any way in which the double-free
can be exploited to achieve a controllable effect.

Thanks to Ben Smyth for the report.

Apparently this was introduced during work in 2019 to make a test
SSH server out of the PuTTY code (including an option to pass in
a fixed key pair for RSA kex, complicating the question of
whether to free it after use). Confusion was increased by the
historical oddity that PuTTY's RSA keys were originally held in
a struct that was not freed along with its contents.

_____________________________________________________________________

PuTTY version 0.84 is released
------------------------------

All the pre-built binaries, and the source code, are now available
from the PuTTY website at

    https://www.chiark.greenend.org.uk/~sgtatham/putty/

0.84 fixes the following security vulnerabilities:

 - Previous versions of PuTTY can be made to crash during SSH
   connection startup, by a malicious server or a MITM attacker
   substituting malicious data in the initial SSH key exchange. Two
   different bugs allow the server to cause an assertion failure or a
   double-free crash.

 - If you use an old insecure connection protocol like Telnet, and
   connect through a proxy server that requires you to enter a
   password, then the whole Telnet connection was accidentally marked
   with the 'trust sigil' that distinguishes prompts from PuTTY itself
   from prompts sent by the server. This could conceivably have fooled
   a user into believing a malicious server's phony request for your
   proxy password.

0.84 has some new features:

 - PuTTY now has the option to run a user-specified command before
   making its main network connection. You could use this, for
   example, to perform a port knock or other network operation that
   temporarily opens the port you want to connect to.

 - On Unix, PuTTY's terminal now supports displaying 'pre-edit text',
   showing what you have typed so far while you're entering a
   multi-key sequence that generates a single Unicode character.

0.84 also has various bug fixes:

 - In the Unix version, you couldn't configure a certificate authority
   for certified host keys using the GUI, unless you had first
   manually created the directory where PuTTY stores the configuration.

 - Fixed spurious error "Network error: Socket is not connected" when
   connecting via an HTTP proxy that requires authentication.

 - On Windows, if you disable cursor blinking systemwide in Control
   Panel but have it turned on in PuTTY, PuTTY would blink the cursor
   frantically.

 - Improved support for running the Unix version on Wayland: pterm
   won't crash when trying to stamp utmp, and a sensible default font
   will be selected instead of complaining about trad X11 'fixed'
   being missing.

Enjoy using PuTTY!

Cheers,
Simon



=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================