Security Advisory 2024-039

Release Date:

Critical Putty Client Vulnerability



  • 16/04/2024 --- v1.0 -- Initial publication


A critical vulnerability, identified as CVE-2024-31497, affects the PuTTY SSH client [1]. This vulnerability stems from a bias in ECDSA nonce generation when using the NIST P-521 elliptic curve. Attackers can exploit this bias to recover private keys after observing a relatively small number of ECDSA signatures.

Technical Details

PuTTY, when utilising the NIST P-521 elliptic curve, generates ECDSA nonces with the first 9 bits set to zero. This significant bias makes it feasible for attackers to employ state-of-the-art lattice-based techniques to recover the complete private key from these biased nonces after collecting around 60 valid ECDSA signatures.

Affected Products

  • PuTTY versions before 0.81
  • FileZilla versions from 3.24.1 to 3.66.5
  • WinSCP versions from 5.9.5 to 6.3.2
  • TortoiseGit versions from to 2.15.0
  • TortoiseSVN versions from 1.10.0 to 1.14.6


Users are urged to update their software to a fixed version immediately to mitigate the vulnerability. It is also recommended reviewing and replacing any NIST P-521 (521-bit ECDSA, ecdsa-sha2-nistp521) keys that may have been used with affected versions of PuTTY, as these keys should be considered compromised.



We got cookies

We only use cookies that are necessary for the technical functioning of our website. Find out more on here.