PuTTY tools from 0.68 to 0.80 inclusive have a critical vulnerability in the code that generates signatures from ECDSA private keys which use the NIST P521 curve. (PuTTY, or Pageant, generates a signature from a key when using it to authenticate you to an SSH server.) The CVE assigned to this vulnerability is CVE-2024-31497.

This vulnerability enables compromise of the SSH private key. It is recommended to revoke these keys.

The following (not necessarily complete) list of products bundle an affected
PuTTY version and are therefore vulnerable as well:

– FileZilla 3.24.1 – 3.66.5
– WinSCP 5.9.5 – 6.3.2
– TortoiseGit 2.4.0.2 – 2.15.0
– TortoiseSVN 1.10.0 – 1.14.6

A more detailed description of the vulnerability and its impact can be found on the OpenWall mailing list.

Note that based on this article, the problem is not with how the key was originally generated; it doesn’t matter whether it came from PuTTYgen or somewhere else. What matters is whether it was ever used with a vulnerable version of PuTTY or Pageant.
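To act on the revocation advice, a server administrator first needs to know which authorized public keys are ECDSA P-521 keys at all. The following is an added example, not part of the original advisory: it scans text in the OpenSSH `authorized_keys` format (an assumption about the server) and confirms the key type inside the decoded blob rather than trusting the text label. The function names are hypothetical and the sample keys are constructed zero-byte blobs.

```python
import base64

P521 = "ecdsa-sha2-nistp521"

def blob_key_type(blob: bytes) -> str:
    """Read the algorithm name stored as the first string inside a key blob."""
    n = int.from_bytes(blob[:4], "big")
    if len(blob) < 4 or n > len(blob) - 4:
        raise ValueError("truncated key blob")
    return blob[4:4 + n].decode("ascii", "replace")

def find_p521_keys(text: str) -> list:
    """Return (line_number, comment) for each ECDSA P-521 public key entry."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # An options field may precede the key type, so search every position.
        for i in range(len(fields) - 1):
            if fields[i] != P521:
                continue
            try:
                blob = base64.b64decode(fields[i + 1], validate=True)
                matches = blob_key_type(blob) == P521
            except ValueError:  # binascii.Error is a ValueError subclass
                continue
            if matches:
                hits.append((no, " ".join(fields[i + 2:])))
                break
    return hits

def b64_blob(*parts: bytes) -> str:
    """Base64 of SSH wire strings (4-byte length + bytes); builds the sample."""
    return base64.b64encode(b"".join(len(p).to_bytes(4, "big") + p for p in parts)).decode()

# Constructed sample data: the blobs contain zero bytes, not real keys.
_P521_B64 = b64_blob(P521.encode(), b"nistp521", b"\x04" + bytes(132))
_ED_B64 = b64_blob(b"ssh-ed25519", bytes(32))
SAMPLE = "\n".join([
    "# constructed authorized_keys sample",
    f"{P521} {_P521_B64} alice@laptop",
    f"ssh-ed25519 {_ED_B64} bob@desktop",
    f'from="10.0.0.5" {P521} {_P521_B64} deploy key',
    f"{P521} {_ED_B64} mislabelled",
])

if __name__ == "__main__":
    print(find_p521_keys(SAMPLE))
```

A hit only identifies a P-521 key; whether it was ever used with an affected PuTTY or Pageant version has to be established with the key's owner.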

This vulnerability has been fixed in PuTTY 0.81, FileZilla 3.67.0, WinSCP 6.3.3, and TortoiseGit 2.15.0.1. TortoiseSVN users are advised to configure TortoiseSVN to use Plink from the latest PuTTY 0.81 release when accessing an SVN repository via SSH until a patch becomes available.