To mitigate the vulnerability, the OpenSSH project has defined a SSH extension called 'strict KEX' (documented in their PROTOCOL document), which PuTTY 0.80 implements.
Brian Pence <bpence%celestialsoftware.net@localhost> writes:
>Related publication at NIST: https://nvd.nist.gov/vuln/detail/CVE-2023-48795
>
>Implementation versions that are identified as NOT VULNERABLE have all
>recently implemented "strict key exchange"
Where are you seeing that? I can't find that text anywhere on the page.
Peter.