PT-2022-2075 · Paramiko+8

Jan Schejbal · Published 2022-03-17 · Updated 2025-12-16 · CVE-2022-24302

CVSS v4.0: 8.2 High

Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Paramiko versions prior to 2.10.1

Description

The issue is related to a race condition in the write private key file function, which could allow unauthorized information disclosure due to synchronization errors when using a shared resource. This could potentially enable an attacker to access confidential information.

Recommendations

For Paramiko versions prior to 2.10.1, update to version 2.10.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the write private key file function until a patch is available.
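
The weakness class described above, as an added example that is neither Paramiko's code nor part of this advisory: a key file created with default permissions and restricted afterwards, next to a writer that requests 0600 in the creating call. The function names, the sample data and the POSIX file-mode behaviour are assumptions of the example.

```python
import os
import stat
import tempfile

KEY_MODE = 0o600  # owner read/write only


def _mode(fd):
    """Permission bits of an open file descriptor."""
    return stat.S_IMODE(os.fstat(fd).st_mode)


def write_key_racy(path, data):
    """Create-then-chmod: the file exists with umask-derived bits until chmod runs."""
    with open(path, "w") as f:
        mode_at_creation = _mode(f.fileno())  # what the file looked like in the window
        os.chmod(path, KEY_MODE)
        f.write(data)
    return mode_at_creation


def write_key_safe(path, data):
    """Request 0600 in the creating open() call, so no wider mode ever exists."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, KEY_MODE)
    with os.fdopen(fd, "w") as f:
        mode_at_creation = _mode(f.fileno())
        # O_CREAT's mode is ignored when the file already exists, so tighten
        # the permissions on the descriptor before any key material is written.
        os.fchmod(f.fileno(), KEY_MODE)
        f.write(data)
    return mode_at_creation


def demo():
    """Run both writers under a typical umask and report the observed modes."""
    data = "constructed sample key material, not a real key\n"
    old_umask = os.umask(0o022)
    try:
        with tempfile.TemporaryDirectory() as d:
            racy = write_key_racy(os.path.join(d, "racy_key"), data)
            safe = write_key_safe(os.path.join(d, "safe_key"), data)
            existing = os.path.join(d, "existing_key")  # edge case: target pre-exists
            with open(existing, "w"):
                pass
            os.chmod(existing, 0o644)
            write_key_safe(existing, data)
            existing_final = stat.S_IMODE(os.stat(existing).st_mode)
    finally:
        os.umask(old_umask)
    return {"racy": racy, "safe": safe, "existing_final": existing_final}
```

With a umask of 022 the first writer's file is world-readable at creation, while the second is never wider than 0600 for a newly created file.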

Exploit

Fix

Weakness Enumeration

Race Condition

Related Identifiers

ALT-PU-2022-2770
ALT-PU-2022-2869
BDU:2022-01897
CVE-2022-24302
DLA-2959-1
DLA-3104-1
DLA-4409-1
GHSA-F8Q4-JWWW-X3WV
MGASA-2022-0132
OESA-2022-1609
OPENSUSE-SU-2022_1446-1
OPENSUSE-SU-2024:13300-1
PYSEC-2022-166
RHSA-2022:4712
RHSA-2022:8845
RHSA-2022:8863
SUSE-SU-2022:1446-1
SUSE-SU-2022:1447-1
SUSE-SU-2022:1536-1
SUSE-SU-2022_1446-1
SUSE-SU-2022_1447-1
USN-5351-1
USN-5351-2

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Paramiko
Red Os
Suse
Ubuntu
Zvirt Node