5 matches found
Information Disclosure
openssh_key_parser is vulnerable to information disclosure. The vulnerability exists in the read_fixed_bytes function in pascal_style_byte_stream.py because the exception message is not properly handled, which allows an attacker to gain access to view and modify the length of a raw field value of a key...
PYSEC-2022-233
openssh_key_parser is an open source Python package providing utilities to parse and pack OpenSSH private and public key files. In versions prior to 0.0.6, if a field of a key is shorter than it is declared to be, the parser raises an error with a message containing the raw field value. An attacker...
Design/Logic Flaw
openssh_key_parser is an open source Python package providing utilities to parse and pack OpenSSH private and public key files. In versions prior to 0.0.6, if a field of a key is shorter than it is declared to be, the parser raises an error with a message containing the raw field value. An attacker...
CVE-2022-31124
OpenSSH key parser (openssh_key_parser) contains a vulnerability in which, prior to version 0.0.6, if a key field is shorter than declared, the error message includes the raw field value. An attacker who can modify the declared length of a key’s sensitive field can expose the raw value of that fi...
CVE-2022-31124 Possible leak of key's raw field if declared length is incorrect in openssh_key_parser
openssh_key_parser is an open source Python package providing utilities to parse and pack OpenSSH private and public key files. In versions prior to 0.0.6, if a field of a key is shorter than it is declared to be, the parser raises an error with a message containing the raw field value. An attacker...