High severity · NVD Advisory · Published Mar 17, 2022 · Updated Dec 16, 2025
CVE-2022-24302
Description
In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.
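An added illustration of the create-then-chmod window named in the description, next to a creation path that has no such window. It is not Paramiko's code; the function names, the sample key text and the 0o022 umask are assumptions made for the example.

```python
import os
import stat
import tempfile

KEY = "-----BEGIN CONSTRUCTED SAMPLE KEY-----\n"  # constructed, not a real key

def write_key_racy(path, data):
    """Create, then chmod. Returns the mode the file had before the chmod."""
    with open(path, "w") as f:                 # created as 0o666 & ~umask
        window_mode = stat.S_IMODE(os.fstat(f.fileno()).st_mode)
        # Until this call the file is readable by whoever the umask allows.
        # A descriptor another process opened in that window stays readable
        # after the chmod, so anything written below is still exposed to it.
        os.chmod(path, 0o600)
        f.write(data)
    return window_mode

def write_key_atomic(path, data):
    """Pass the mode to the creating open(2) call so no window exists."""
    # O_EXCL is a choice made for this example: the mode argument is ignored
    # when the file already exists, so refuse to reuse a file that may have
    # been created with looser permissions.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as f:
        created_mode = stat.S_IMODE(os.fstat(f.fileno()).st_mode)
        f.write(data)
    return created_mode

def demo():
    """Return (mode during racy window, mode at atomic creation, racy final mode)."""
    old_umask = os.umask(0o022)                # a common default, assumed here
    try:
        with tempfile.TemporaryDirectory() as d:
            racy_path = os.path.join(d, "racy.key")
            racy = write_key_racy(racy_path, KEY)
            atomic = write_key_atomic(os.path.join(d, "atomic.key"), KEY)
            final = stat.S_IMODE(os.stat(racy_path).st_mode)
    finally:
        os.umask(old_umask)
    return racy, atomic, final

if __name__ == "__main__":
    print([oct(m) for m in demo()])
```

Both files end up 0o600, so checking permissions after the fact does not distinguish the two patterns; only the mode at creation time does.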
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| paramiko (PyPI) | >= 2.10.0, < 2.10.1 | 2.10.1 |
| paramiko (PyPI) | >= 2.9.0, < 2.9.3 | 2.9.3 |
Affected products (9)
- ghsa-coords (8 versions; >= 2.10.0, < 2.10.1 + 7 more)
  - pkg:pypi/paramiko
  - pkg:rpm/opensuse/python-paramiko&distro=openSUSE%20Leap%2015.3
  - pkg:rpm/opensuse/python-paramiko&distro=openSUSE%20Leap%2015.4
  - pkg:rpm/opensuse/python-paramiko&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/python-paramiko&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3
  - pkg:rpm/suse/python-paramiko&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012
  - pkg:rpm/suse/python-paramiko&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%202%2015%20SP3
  - pkg:rpm/suse/python-paramiko&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2
- (no CPE) range: >= 2.10.0, < 2.10.1
- (no CPE) range: < 2.4.2-150100.6.12.1
- (no CPE) range: < 2.4.2-150100.6.12.1
- (no CPE) range: < 3.3.1-2.1
- (no CPE) range: < 2.4.2-150100.6.12.1
- (no CPE) range: < 2.4.0-9.13.1
- (no CPE) range: < 2.4.2-150100.6.12.1
- (no CPE) range: < 2.4.2-150100.6.12.1
References (18)
- github.com/advisories/GHSA-f8q4-jwww-x3wv [ghsa, ADVISORY]
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LUEUEGILZ7MQXRSUF5VMMO4SWJQVPTQL/ [mitre, vendor-advisory, x_refsource_FEDORA]
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TPMKRUS4HO3P7NR7P4Y6CLHB4MBEE3AI/ [mitre, vendor-advisory, x_refsource_FEDORA]
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U63MJ2VOLLQ35R7CYNREUHSXYLWNPVSB/ [mitre, vendor-advisory, x_refsource_FEDORA]
- nvd.nist.gov/vuln/detail/CVE-2022-24302 [ghsa, ADVISORY]
- github.com/paramiko/paramiko/blob/363a28d94cada17f012c1604a3c99c71a2bda003/paramiko/pkey.py [ghsa, x_refsource_MISC, WEB]
- github.com/paramiko/paramiko/commit/4c491e299c9b800358b16fa4886d8d94f45abe2e [ghsa, WEB]
- github.com/pypa/advisory-database/tree/main/vulns/paramiko/PYSEC-2022-166.yaml [ghsa, WEB]
- lists.debian.org/debian-lts-announce/2022/03/msg00032.html [ghsa, mailing-list, x_refsource_MLIST, WEB]
- lists.debian.org/debian-lts-announce/2022/09/msg00013.html [ghsa, mailing-list, x_refsource_MLIST, WEB]
- lists.debian.org/debian-lts-announce/2025/12/msg00020.html [ghsa, WEB]
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LUEUEGILZ7MQXRSUF5VMMO4SWJQVPTQL [ghsa, WEB]
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TPMKRUS4HO3P7NR7P4Y6CLHB4MBEE3AI [ghsa, WEB]
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U63MJ2VOLLQ35R7CYNREUHSXYLWNPVSB [ghsa, WEB]
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LUEUEGILZ7MQXRSUF5VMMO4SWJQVPTQL [ghsa, WEB]
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPMKRUS4HO3P7NR7P4Y6CLHB4MBEE3AI [ghsa, WEB]
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U63MJ2VOLLQ35R7CYNREUHSXYLWNPVSB [ghsa, WEB]
- www.paramiko.org/changelog.html [ghsa, x_refsource_MISC, WEB]