PuTTY Assertion Failure Vulnerability in ECDSA Signature Verification

An assertion failure vulnerability has been identified in PuTTY versions 0.71 prior to 0.84, during the ECDSA signature verification process. This vulnerability allows a malicious server or a man-in-the-middle attacker to cause PuTTY to crash by sending carefully crafted host keys and signatures during the initial SSH key exchange. The issue arises from an improper assertion in the elliptic curve arithmetic, which incorrectly treats the addition of two points with the same y-coordinate as an error, leading to a denial-of-service condition by causing the application to crash.

Impact

Exploitation of this vulnerability causes PuTTY to crash due to an assertion failure, disrupting the current SSH session. While this does not affect other running sessions or lead to a security compromise, it can result in the loss of any valuable information in the terminal scrollback.

Reproduction

To reproduce this vulnerability, connect to a server that can be controlled to send a malicious ECDSA signature and host key during the SSH key exchange. The server can be set up to exploit the vulnerability by sending data that triggers the assertion failure in PuTTY's ECDSA verification process.

Remediation

Users can upgrade to PuTTY version 0.84 or later, where this vulnerability has been fixed.