Question regarding PuTTY version being used :: Support Forum

eyal
Joined:: 2022-02-08
Posts:: 3

Question regarding PuTTY version being used

2022-02-08 16:00

Hi,

Does the public vulnerabilities of the PuTTY version being used by WinSCP are automatically applied to the WinSCP or only the public WinSCP CVEs are the applicable vulnerabilities per version?

Thanks,
Eyal

Reply with quote

martin◆ Site Admin
Joined:: 2002-12-10
Posts:: 40,664
Location:: Prague, Czechia

Re: Question regarding PuTTY version being used

2022-02-10

That's rather broad question. anyway, if there's a fix to a vulnerability of the PuTTY version used by WinSCP, we include the fix into WinSCP. In general.

Do you have a specific vulnerability in mind?

Reply with quote

eyal

Re: Question regarding PuTTY version being used

2022-02-10 19:49

In regards to CVE-2019-9898, can you update if WinSCP versions that uses PuTTY with versions earlier than 0.71 are affected or whether it has its own mechanism for ensuring true randomness?

Reply with quote