PuTTY 0.84 Released With Fix for SSH KEX Crashes and Telnet Prompt Spoofing Flaw

PuTTY 0.84 has been released with fixes for multiple minor security flaws, including issues that could trigger SSH key exchange crashes and a Telnet prompt spoofing weakness.

While these vulnerabilities are considered low severity, they highlight how even small flaws in cryptographic handling and session logic can be abused in specific attack scenarios, particularly by malicious servers or man-in-the-middle (MITM) actors.

One of the key fixes addresses a flaw in ECDSA signature verification that could cause PuTTY to crash during the SSH handshake process.

PuTTY 0.84 Fixes Flaws

The issue stems from incorrect handling of elliptic curve arithmetic, leading the application to fail when processing points with the same y-coordinate.

This condition is not inherently invalid, but an assertion in the code caused the client to terminate unexpectedly. Because this verification step occurs before the host key is validated, an attacker could supply a specially crafted key and signature to crash the client reliably.

The flaw affects versions since 0.71 and impacts NIST-based curves such as P256, P384, and P521, while modern curves like Ed25519 remain unaffected.

The result is limited to a denial-of-service condition, potentially interrupting sessions or causing loss of terminal output.

Another issue resolved in this release involves a double-free vulnerability in PuTTY’s implementation of RSA-based key exchange, defined in RFC 4432.

This flaw occurs when handling malformed or unexpectedly short RSA keys during error conditions. In such cases, the application mistakenly frees the same memory structure twice, leading to a crash.

This vulnerability affects versions from 0.72 through 0.83. It can be triggered remotely by a malicious server that intentionally sends a truncated key.

Similar to the previous issue, this flaw occurs before host key verification, meaning a MITM attacker could exploit it.

However, there is currently no evidence that the bug can be leveraged for arbitrary code execution, limiting its impact to denial-of-service.

The release also fixes a subtle but noteworthy issue in Telnet sessions involving PuTTY’s “trust sigil” feature. This visual marker is designed to help users distinguish between legitimate client-generated prompts and potentially malicious prompts sent by a server.

In earlier versions, when users authenticated through a proxy, the trust state was not properly reset before the Telnet session began.

As a result, all subsequent server messages were treated as trusted, potentially leading users to enter sensitive information, such as proxy passwords.

Although this scenario requires specific conditions and relies on legacy protocols like Telnet, it still poses a realistic risk in environments where such protocols are in use.

In addition to these fixes, a separate issue, CVE-2026-4115, related to EdDSA signature handling was addressed.

According to the PuTTY maintainer Alan Coopersmith, the issue does not constitute a genuine security vulnerability, despite receiving a CVE designation from external parties.

Overall, PuTTY 0.84 focuses on improving robustness and eliminating edge-case vulnerabilities that could be abused for disruption or deception.

Users and organizations are advised to upgrade promptly, especially in environments where secure remote access tools are critical, and to avoid relying on outdated protocols such as Telnet wherever possible.

Follow us on Google News, LinkedIn, and X to Get More Instant Updates.