PYSEC-2022-166

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/paramiko/PYSEC-2022-166.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2022-166

Aliases

Published

2022-03-17T22:15:00Z

Modified

2023-11-01T05:29:06.345157Z

Summary

[none]

Details

In Paramiko before 2.10.1, a race condition (between creation and chmod) in the writeprivatekey_file function could allow unauthorized information disclosure.

References

Affected packages

PyPI / paramiko

Package

Name: paramiko; View open source insights on deps.dev
Purl: pkg:pypi/paramiko

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.3

Introduced

2.10.0

Fixed

2.10.1

Affected versions

0.*

0.1-bulbasaur

0.1-charmander

0.9-doduo

0.9-eevee

0.9-fearow

0.9-gyarados

0.9-horsea

0.9-ivysaur

1.*

1.0

1.1

1.2

1.3

1.3.1

1.4

1.5.1

1.5.2

1.5.4

1.6

1.6.1

1.6.2

1.6.3

1.6.4

1.7

1.7.1

1.7.2

1.7.4

1.7.5

1.7.6

1.7.7.1

1.7.7.2

1.8.0

1.8.1

1.9.0

1.10.0

1.10.1

1.10.2

1.10.3

1.10.4

1.10.5

1.10.6

1.10.7

1.11.0

1.11.1

1.11.2

1.11.3

1.11.4

1.11.5

1.11.6

1.12.0

1.12.1

1.12.2

1.12.3

1.12.4

1.13.0

1.13.1

1.13.2

1.13.3

1.13.4

1.14.0

1.14.1

1.14.2

1.14.3

1.15.0

1.15.1

1.15.2

1.15.3

1.15.4

1.15.5

1.16.0

1.16.1

1.16.2

1.16.3

1.17.0

1.17.1

1.17.2

1.17.3

1.17.4

1.17.5

1.17.6

1.18.0

1.18.1

1.18.2

1.18.3

1.18.4

1.18.5

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.0.9

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

2.2.0

2.2.1

2.2.2

2.2.3

2.2.4

2.3.0

2.3.1

2.3.2

2.3.3

2.4.0

2.4.1

2.4.2

2.4.3

2.5.0

2.5.1

2.6.0

2.7.0

2.7.1

2.7.2

2.8.0

2.8.1

2.9.0

2.9.1

2.9.2

2.10.0

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/paramiko/PYSEC-2022-166.yaml"