openssh_key_parser is vulnerable to information disclosure. The vulnerability exists in the read_fixed_bytes function in pascal_style_byte_stream.py because the exception message is not properly handled, which allows an attacker to gain access to view and modify the length of a raw field value of a key.
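
The leak pattern described above next to a hardened form, as an added example that is not the project's own code. Only the name read_fixed_bytes comes from the page; the class names, the message wording, the assumption that the leaking message embeds the bytes read, and the sample key bytes are constructed for illustration.

```python
import io
import struct


class LeakyStream(io.BytesIO):
    """Vulnerable pattern (assumed): the short-read error embeds the bytes read."""

    def read_fixed_bytes(self, num_bytes: int) -> bytes:
        data = self.read(num_bytes)
        if len(data) < num_bytes:
            raise EOFError(f"Fewer than {num_bytes} bytes remaining: {data!r}")
        return data


class SafeStream(io.BytesIO):
    """Hardened pattern: the error reports lengths only, never field content."""

    def read_fixed_bytes(self, num_bytes: int) -> bytes:
        data = self.read(num_bytes)
        if len(data) < num_bytes:
            raise EOFError(f"Expected {num_bytes} bytes, only {len(data)} remaining")
        return data


def read_field(stream) -> bytes:
    """Read one Pascal-style field: 4-byte big-endian length, then the value."""
    (length,) = struct.unpack(">I", stream.read_fixed_bytes(4))
    return stream.read_fixed_bytes(length)


def error_text(stream_cls, blob: bytes) -> str:
    """Parse blob and return the text that would reach a log or error page."""
    try:
        read_field(stream_cls(blob))
    except EOFError as exc:
        return str(exc)
    return ""


# Constructed sample: a 16-byte field, intact and with its declared length set to 32
SECRET = b"constructed-key!"
INTACT = struct.pack(">I", len(SECRET)) + SECRET
TAMPERED = struct.pack(">I", 32) + SECRET

if __name__ == "__main__":
    print("leaky:", error_text(LeakyStream, TAMPERED))
    print("safe: ", error_text(SafeStream, TAMPERED))
```

Any handler that logs or returns `str(exc)` from the leaky variant carries the field bytes with it, so the check for a fix is that the error text never contains field content.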
| CPE | Name | Operator | Version |
|---|---|---|---|
| | openssh-key-parser | le | 0.0.5 |
github.com/advisories/GHSA-hm37-9xh2-q499
github.com/scottcwang/openssh_key_parser/commit/26e0a471e9fdb23e635bc3014cf4cbd2323a08d3
github.com/scottcwang/openssh_key_parser/commit/274447f91b4037b7050ae634879b657554523b39
github.com/scottcwang/openssh_key_parser/commit/d5b53b4b7e76c5b666fc657019dbf864fb04076c
github.com/scottcwang/openssh_key_parser/pull/5
github.com/scottcwang/openssh_key_parser/security/advisories/GHSA-hm37-9xh2-q499