Headline
GHSA-hm37-9xh2-q499: Possible leak of key's raw field if declared length is incorrect
Impact
If a field of a key is shorter than it is declared to be, the parser raises an error with a message containing the raw field value. An attacker able to modify the declared length of a key’s sensitive field can thus expose the raw value of that field.
Patches
Upgrade to version 0.0.6, which no longer includes the raw field value in the error message.
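The failure mode described above, reduced to a single SSH-style length-prefixed field (a 4-byte big-endian length followed by the data). This is an added illustration, not code from openssh_key_parser; the function names, error wording and sample bytes are constructed for the example.

```python
import struct


def read_field_leaky(buf: bytes, offset: int = 0) -> bytes:
    """Behaviour the advisory describes: the error message echoes the raw bytes."""
    (declared,) = struct.unpack_from(">I", buf, offset)
    raw = buf[offset + 4 : offset + 4 + declared]
    if len(raw) < declared:
        raise EOFError(f"Field shorter than declared length {declared}: {raw!r}")
    return raw


def read_field_safe(buf: bytes, offset: int = 0) -> bytes:
    """Hardened form: report only offsets and lengths, never field contents."""
    (declared,) = struct.unpack_from(">I", buf, offset)
    raw = buf[offset + 4 : offset + 4 + declared]
    if len(raw) < declared:
        raise EOFError(
            f"Field at offset {offset} declares {declared} bytes, only {len(raw)} present"
        )
    return raw


def error_text(reader, buf: bytes) -> str:
    """Return the exception message a caller would log or send back."""
    try:
        reader(buf)
    except EOFError as exc:
        return str(exc)
    return ""


# Constructed sample: a 16-byte stand-in for a sensitive key field.
SECRET = b"constructed-key!"
GOOD = struct.pack(">I", len(SECRET)) + SECRET
# Same bytes, but the length prefix claims one byte more than is present.
TAMPERED = struct.pack(">I", len(SECRET) + 1) + SECRET

if __name__ == "__main__":
    print("leaky:", error_text(read_field_leaky, TAMPERED))
    print("safe: ", error_text(read_field_safe, TAMPERED))
```

Asserting that no parser error message contains the input bytes makes a useful regression test for this class of bug (CWE-209).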
Workarounds
N/A
References
N/A
For more information
If you have any questions or comments about this advisory:
- Open an issue in openssh_key_parser
Package
openssh-key-parser (pip)
Affected versions
< 0.0.6
Patched versions
0.0.6
References
- GHSA-hm37-9xh2-q499
- scottcwang/openssh_key_parser#5
- scottcwang/openssh_key_parser@26e0a47
- scottcwang/openssh_key_parser@274447f
- scottcwang/openssh_key_parser@d5b53b4
scottcwang published the maintainer security advisory Jul 6, 2022
Severity
High (7.7 / 10)
CVSS base metrics
- Attack vector: Network
- Attack complexity: Low
- Privileges required: Low
- User interaction: None
- Scope: Changed
- Confidentiality: High
- Integrity: None
- Availability: None
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Weaknesses
CWE-209
CVE ID
CVE-2022-31124
GHSA ID
GHSA-hm37-9xh2-q499
Source code
scottcwang/openssh_key_parser/
Credits
- mike-arnica
Related news
openssh_key_parser is an open source Python package providing utilities to parse and pack OpenSSH private and public key files. In versions prior to 0.0.6, if a field of a key is shorter than it is declared to be, the parser raises an error with a message containing the raw field value. An attacker able to modify the declared length of a key's sensitive field can thus expose the raw value of that field. Users are advised to upgrade to version 0.0.6, which no longer includes the raw field value in the error message. There are no known workarounds for this issue.