If a field of a key is shorter than it is declared to be, the parser raises an error with a message containing the raw field value. An attacker able to modify the declared length of a key's sensitive field can thus expose the raw value of that field.
Upgrade to version 0.0.6, which no longer includes the raw field value in the error message.
N/A
N/A
If you have any questions or comments about this advisory: * Open an issue in opensshkeyparser