Upstream information

CVE-2015-2157 at MITRE

Description

The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently not rated by SUSE as it is not affecting the SUSE Enterprise products.

CVSS v2 Scores
  National Vulnerability Database
Base Score 2.1
Vector AV:L/AC:L/Au:N/C:P/I:N/A:N
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None
SUSE Bugzilla entry: 920167 [RESOLVED / FIXED]

SUSE Security Advisories:

    openSUSE-SU-2015:0474-1

List of released packages

Product(s) Fixed package version(s) References
openSUSE Tumbleweed
  • putty >= 0.67-1.5
Patchnames:
openSUSE-Tumbleweed-2024-10374


SUSE Timeline for this CVE

CVE page created: Sun Mar 1 01:25:07 2015
CVE page last modified: Mon Apr 14 12:21:53 2025