PuTTY
cpe:2.3:a:putty:putty:*:*:*:*:*:*:*, +1 more
- 0.72
- 0.73
- 0.74
- 0.75
- 0.76
- 0.77
- 0.78
- 0.79
- 0.80
- 0.81
- 0.82
- 0.83
A double free vulnerability has been identified in PuTTY versions from 0.72 up to, but not including, 0.84, specifically within the RSA key exchange implementation. A server can intentionally trigger the double free by sending a short key during SSH connection startup, which crashes the client. The flaw is in an error-handling path that runs before host key verification, so a man-in-the-middle attacker potentially has an opportunity to exploit it.
Exploitation of this vulnerability causes a double free error, leading to a crash of the PuTTY application.
To reproduce this vulnerability, connect to a server that offers only RSA key exchange and deliberately sends a short key during the initial SSH key exchange. This can be done by configuring a test SSH server to present RSA key exchange as the only option and then intercepting the connection to substitute a maliciously short key. The double free error will occur, causing PuTTY to crash.
Users can upgrade to PuTTY version 0.84, which addresses this vulnerability.
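To find installations that still need the upgrade, the affected range given above can be checked against a software inventory. The following is an added example, not part of the original advisory or of PuTTY; the "host,version string" inventory format, the hostnames and the sample version strings are constructed assumptions.

```python
import re

# Affected range as stated on this page: 0.72 up to, but not including, 0.84.
FIRST_AFFECTED = (0, 72)
FIRST_FIXED = (0, 84)

_RELEASE = re.compile(r"\b(\d+)\.(\d+)\b")


def parse_release(text):
    """Return (major, minor) from a version string, or None if none is present."""
    m = _RELEASE.search(text)
    return (int(m.group(1)), int(m.group(2))) if m else None


def classify(text):
    """Map a reported version string to 'affected', 'not_affected' or 'unknown'."""
    release = parse_release(text)
    if release is None:
        # No release number (empty field, dated snapshot build): needs manual review.
        return "unknown"
    return "affected" if FIRST_AFFECTED <= release < FIRST_FIXED else "not_affected"


def audit(inventory_lines):
    """Group hosts by status from 'host,version string' lines (assumed format)."""
    report = {"affected": [], "not_affected": [], "unknown": []}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        report[classify(version)].append(host.strip())
    return report


# Constructed sample inventory; hostnames and version strings are made up.
SAMPLE = """\
# host,reported version
ws-01,PuTTY Release 0.83
ws-02,Release 0.84
ws-03,putty-0.76-1.el8
ws-04,0.71
ws-05,Development snapshot 2024-01-01.abcdef
ws-06,
""".splitlines()

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as "unknown" carry no release number and should be checked by hand rather than assumed safe.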