
17 matches found

RedhatCVE
added 2026/01/09 8:42 a.m., 5 views

CVE-2022-31124

openssh_key_parser is an open source Python package providing utilities to parse and pack OpenSSH private and public key files. In versions prior to 0.0.6, if a field of a key is shorter than it is declared to be, the parser raises an error with a message containing the raw field value. An attacker...

CVSS 7.7, AI score 6.4, EPSS 0.00422
Exploits: 1, References: 1
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2016-8260

Malware in sbrugna...

CVSS 10, AI score 9.2, EPSS 0.01026
Exploits: 0, References: 8
OSV
added 2022/07/06 7:24 p.m., 17 views

GHSA-HM37-9XH2-Q499 Possible leak of key's raw field if declared length is incorrect

Impact: If a field of a key is shorter than it is declared to be, the parser raises an error with a message containing the raw field value. An attacker able to modify the declared length of a key's sensitive field can thus expose the raw value of that field. Patches: Upgrade to version 0.0.6, which...

CVSS 7.7, AI score 6.7, EPSS 0.00422
Exploits: 1, References: 8
NVD
added 2022/07/06 6:15 p.m., 9 views

CVE-2022-31124

openssh_key_parser is an open source Python package providing utilities to parse and pack OpenSSH private and public key files. In versions prior to 0.0.6, if a field of a key is shorter than it is declared to be, the parser raises an error with a message containing the raw field value. An attacker...

CVSS 7.7, EPSS 0.00422
Exploits: 1, References: 5
PyPA
added 2022/07/06 6:15 p.m., 6 views

PYSEC-2022-233

openssh_key_parser is an open source Python package providing utilities to parse and pack OpenSSH private and public key files. In versions prior to 0.0.6, if a field of a key is shorter than it is declared to be, the parser raises an error with a message containing the raw field value. An attacker...

CVSS 7.7, AI score 6.8, EPSS 0.00422
Exploits: 1, References: 5, Affected Software: 1
Vulnrichment
added 2022/07/06 5:30 p.m., 4 views

CVE-2022-31124 Possible leak of key's raw field if declared length is incorrect in openssh_key_parser

openssh_key_parser is an open source Python package providing utilities to parse and pack OpenSSH private and public key files. In versions prior to 0.0.6, if a field of a key is shorter than it is declared to be, the parser raises an error with a message containing the raw field value. An attacker...

CVSS 7.7, AI score 7.7, EPSS 0.00422
Exploits: 1, References: 5
CNNVD
added 2022/07/06 12:00 a.m., 2 views

openssh_key_parser security vulnerability

openssh_key_parser is an open source Python package. A security vulnerability exists in versions of openssh_key_parser prior to 0.0.6, which stems from the fact that if a key field is shorter than declared, the parser raises an error and displays a message containing the original field value...

CVSS 7.7, AI score 6.8, EPSS 0.00422
Exploits: 1, References: 6
BDU FSTEC
added 2017/12/14 12:00 a.m., 1 view

The vulnerability of the SSH Dropbear session management software lies in insufficient input data validation, allowing an attacker to execute arbitrary code.

The vulnerability of the SSH Dropbear session management software exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using the “dropbearconvert” command, with the help of a specially crafted OpenSSH key file...

CVSS 10, AI score 8.2, EPSS 0.01026
Exploits: 0, References: 7, Affected Software: 1
Tenable Nessus
added 2017/03/28 12:00 a.m., 119 views

Dropbear SSH < 2016.74.0 Multiple Vulnerabilities

Binary data 700028.prm...

CVSS 10, AI score 7.8, EPSS 0.25332
Exploits: 0, References: 5
UbuntuCve
added 2017/03/03 4:59 p.m., 39 views

CVE-2016-7407

The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file...

CVSS 10, AI score 7.5, EPSS 0.01026
Exploits: 0, References: 3
OSV
added 2017/03/03 4:59 p.m., 4 views

CVE-2016-7407

The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file...

CVSS 9.8, AI score 9.6
Exploits: 0, References: 5
OSV
added 2017/03/03 4:59 p.m., 0 views

UBUNTU-CVE-2016-7407

The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file...

CVSS 9.8, AI score 7.6, EPSS 0.01026
Exploits: 0, References: 4
Cvelist
added 2017/03/03 4:00 p.m., 43 views

CVE-2016-7407

The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file...

AI score 9.5, EPSS 0.01026
Exploits: 0, References: 5
Tenable Nessus
added 2016/09/22 12:00 a.m., 3163 views

Dropbear SSH Server < 2016.72 Multiple Vulnerabilities

According to its self-reported version in its banner, Dropbear SSH running on the remote host is prior to 2016.74. It is, therefore, affected by the following vulnerabilities: - A format string flaw exists due to improper handling of string format specifiers, e.g., %s and %x, in usernames and host...

CVSS 10, AI score 7.7, EPSS 0.25332
Exploits: 0, References: 5
OpenVAS
added 2016/08/02 12:00 a.m., 11 views

openSUSE: Security Advisory for dropbear (openSUSE-SU-2016:1891-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 5.3
Exploits: 0, References: 1
Tenable Nessus
added 2016/08/01 12:00 a.m., 13 views

openSUSE Security Update : dropbear (openSUSE-2016-918)

This update for dropbear fixes four security issues bnc990363: - A format string injection vulnerability allowed remote attackers to run arbitrary code as root if specific usernames including '%' symbols could be created on the target system. If a dbclient user can control usernames or host...

AI score 6.1
Exploits: 0, References: 1
OPENSUSE Linux
added 2016/07/31 4:08 p.m., 12 views

Security update for dropbear (critical)

This update for dropbear fixes four security issues bnc990363: - A format string injection vulnerability allowed remote attackers to run arbitrary code as root if specific usernames including "%" symbols could be created on the target system. If a dbclient user can control usernames or host...

AI score 1.1
Exploits: 0, References: 1