PYSEC-2022-166

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/paramiko/PYSEC-2022-166.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2022-166
Aliases
Published
2022-03-17T22:15:00Z
Modified
2023-11-01T05:29:06.345157Z
Summary
[none]
Details

In Paramiko before 2.10.1, a race condition (between creation and chmod) in the writeprivatekey_file function could allow unauthorized information disclosure.

References

Affected packages

PyPI / paramiko

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.9.3
Introduced
2.10.0
Fixed
2.10.1

Affected versions

0.*

0.1-bulbasaur
0.1-charmander
0.9-doduo
0.9-eevee
0.9-fearow
0.9-gyarados
0.9-horsea
0.9-ivysaur

1.*

1.0
1.1
1.2
1.3
1.3.1
1.4
1.5.1
1.5.2
1.5.4
1.6
1.6.1
1.6.2
1.6.3
1.6.4
1.7
1.7.1
1.7.2
1.7.4
1.7.5
1.7.6
1.7.7.1
1.7.7.2
1.8.0
1.8.1
1.9.0
1.10.0
1.10.1
1.10.2
1.10.3
1.10.4
1.10.5
1.10.6
1.10.7
1.11.0
1.11.1
1.11.2
1.11.3
1.11.4
1.11.5
1.11.6
1.12.0
1.12.1
1.12.2
1.12.3
1.12.4
1.13.0
1.13.1
1.13.2
1.13.3
1.13.4
1.14.0
1.14.1
1.14.2
1.14.3
1.15.0
1.15.1
1.15.2
1.15.3
1.15.4
1.15.5
1.16.0
1.16.1
1.16.2
1.16.3
1.17.0
1.17.1
1.17.2
1.17.3
1.17.4
1.17.5
1.17.6
1.18.0
1.18.1
1.18.2
1.18.3
1.18.4
1.18.5

2.*

2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.3.0
2.3.1
2.3.2
2.3.3
2.4.0
2.4.1
2.4.2
2.4.3
2.5.0
2.5.1
2.6.0
2.7.0
2.7.1
2.7.2
2.8.0
2.8.1
2.9.0
2.9.1
2.9.2
2.10.0