CVE-2026-48852
Received
Received - Intake
ECDSA Signature Verification Failure in PuTTY
Publication date: 2026-05-25
Last updated on: 2026-05-25
Assigner: MITRE
Description
Description
PuTTY 0.71 before 0.84 has an assertion failure in ECDSA signature verification.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| putty | putty | to 0.84 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-617 | The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an assertion failure in the ECDSA signature verification process in PuTTY versions 0.71 through 0.83. An assertion failure typically means that the software encounters an unexpected condition that causes it to stop or behave incorrectly during the verification of ECDSA signatures.
How can this vulnerability impact me? :
The impact of this vulnerability is limited to availability, as indicated by the CVSS score. It could cause PuTTY to crash or become unavailable during ECDSA signature verification, but it does not affect confidentiality or integrity.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70