Vulnerability Information
Vulnerability Title
Possible leak of key's raw field if declared length is incorrect in openssh_key_parser
Vulnerability Description
openssh_key_parser is an open source Python package providing utilities to parse and pack OpenSSH private and public key files. In versions prior to 0.0.6, if a field of a key is shorter than it is declared to be, the parser raises an error with a message containing the raw field value. An attacker able to modify the declared length of a key's sensitive field can thus expose the raw value of that field. Users are advised to upgrade to version 0.0.6, which no longer includes the raw field value in the error message. There are no known workarounds for this issue.
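A minimal illustration of the flaw described above, as an added example that is not openssh_key_parser's own code: a length-prefixed field reader whose error echoes the raw bytes, next to one that reports only lengths. The function names, the error wording and the sample bytes are assumptions constructed for this example.

```python
import struct

# Constructed sample: a 4-byte big-endian length prefix followed by the field
# bytes, the framing OpenSSH key files use for strings. The declared length
# (64) is larger than the number of bytes actually present.
SECRET = b"constructed-secret-key"
TAMPERED = struct.pack(">I", 64) + SECRET


def read_field_leaky(buf: bytes, offset: int = 0) -> bytes:
    """Behaviour the advisory describes: the error echoes the raw field."""
    (declared,) = struct.unpack_from(">I", buf, offset)
    raw = buf[offset + 4 : offset + 4 + declared]
    if len(raw) < declared:
        # The exception text ends up in logs, tracebacks and API responses.
        raise EOFError(f"fewer than {declared} bytes in field: {raw!r}")
    return raw


def read_field_safe(buf: bytes, offset: int = 0) -> bytes:
    """Hardened form: report only lengths and position, never field content."""
    if len(buf) - offset < 4:
        raise EOFError(f"truncated length prefix at offset {offset}")
    (declared,) = struct.unpack_from(">I", buf, offset)
    available = len(buf) - offset - 4
    if available < declared:
        raise EOFError(
            f"field at offset {offset} declares {declared} bytes, "
            f"only {available} available"
        )
    return buf[offset + 4 : offset + 4 + declared]


def error_text(reader, buf: bytes) -> str:
    """Return the message a caller would log when parsing fails."""
    try:
        reader(buf)
    except EOFError as exc:
        return str(exc)
    return ""


if __name__ == "__main__":
    print("leaky:", error_text(read_field_leaky, TAMPERED))
    print("safe: ", error_text(read_field_safe, TAMPERED))
```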
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
Information exposure through an error message
Vulnerability Title
openssh_key_parser security vulnerability
Vulnerability Description
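openssh_key_parser is an open source Python package. Versions of openssh_key_parser prior to 0.0.6 contain a security vulnerability: if a field of a key is shorter than declared, the parser raises an error with a message containing the raw field value.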
CVSS Information
N/A
Vulnerability Type
N/A