CVE-2022-31124

 

Published at: - 06-07-2022 08:15

Last modified: - 14-07-2022 04:22

Total changes: - 2

Description

openssh_key_parser is an open source Python package providing utilities to parse and pack OpenSSH private and public key files. In versions prior to 0.0.6 if a field of a key is shorter than it is declared to be, the parser raises an error with a message containing the raw field value. An attacker able to modify the declared length of a key's sensitive field can thus expose the raw value of that field. Users are advised to upgrade to version 0.0.6, which no longer includes the raw field value in the error message. There are no known workarounds for this issue.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

 

Verification logic

 

Reference

• https://github.com/scottcwang/openssh_key_parser/commit/d5b53b4b7e76c5b666fc657019dbf864fb04076c
• https://github.com/scottcwang/openssh_key_parser/security/advisories/GHSA-hm37-9xh2-q499
• https://github.com/scottcwang/openssh_key_parser/pull/5
• https://github.com/scottcwang/openssh_key_parser/commit/26e0a471e9fdb23e635bc3014cf4cbd2323a08d3
• https://github.com/scottcwang/openssh_key_parser/commit/274447f91b4037b7050ae634879b657554523b39

 

Keywords

NVD

 

CVE-2022-31124

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures