AZL-27405

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-27405.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-27405

Upstream

CVE-2023-1672

Published

2023-07-11T12:15:09Z

Modified

2026-04-21T04:24:16.614188Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

CVE-2023-1672 affecting package tang for versions less than 14-1

Details

A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1672

Affected packages

Azure Linux:2 / tang

Package

Name: tang
Purl: pkg:rpm/azure-linux/tang

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

14-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-27405.json"