Vulnerability Description
PuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) by telling the PuTTY window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. NOTE: the same attack methodology may affect some OS-level GUIs on Linux or other platforms for similar reasons.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Putty | Putty | < 0.75 |
| Microsoft | Windows | - |
References
- https://docs.ssh-mitm.at/puttydos.htmlExploitThird Party Advisory
- https://github.com/ssh-mitm/ssh-mitm-plugins/blob/main/ssh_mitm_plugins/ssh/puttExploitThird Party Advisory
- https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.htmlRelease NotesThird Party Advisory
- https://docs.ssh-mitm.at/puttydos.htmlExploitThird Party Advisory
- https://github.com/ssh-mitm/ssh-mitm-plugins/blob/main/ssh_mitm_plugins/ssh/puttExploitThird Party Advisory
- https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.htmlRelease NotesThird Party Advisory
FAQ
What is CVE-2021-33500?
CVE-2021-33500 is a vulnerability with a CVSS score of 7.5 (HIGH). PuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) by telling the PuTTY window to change its title repeatedly at high speed, which results in many SetWi...
How severe is CVE-2021-33500?
CVE-2021-33500 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-33500?
Check the references section above for vendor advisories and patch information. Affected products include: Putty Putty, Microsoft Windows.