CVE-2023-1672

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-1672
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-1672.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-1672
Downstream
Related
Published
2023-07-11T12:15:09.520Z
Modified
2026-03-14T11:57:53.462224Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host.

References

Affected packages

Git / github.com/latchset/tang

Affected ranges

Type
GIT
Repo
https://github.com/latchset/tang
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
100265e32f56e33c8120fca83de419155ac8db5e
Fixed
8dbbed10870378f1b2c3cf3df2ea7edca7617096
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "14"
        }
    ]
}

Affected versions

Other
v1
v10
v11
v12
v13
v2
v3
v4
v5
v6
v7
v8
v9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-1672.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "38"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    }
]
vanir_signatures 
[
    {
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "digest": {
            "function_hash": "149947170351878071834100038294147802107",
            "length": 863.0
        },
        "source": "https://github.com/latchset/tang/commit/8dbbed10870378f1b2c3cf3df2ea7edca7617096",
        "id": "CVE-2023-1672-c6f7fc11",
        "target": {
            "file": "src/keys.c",
            "function": "create_new_keys"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "290682886615114646841198991571939427789",
                "191331018568499987420945389041944099685",
                "100594790634125479673057945341284191592",
                "121505816812480176417552743829426362398"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/latchset/tang/commit/8dbbed10870378f1b2c3cf3df2ea7edca7617096",
        "id": "CVE-2023-1672-d128fd0c",
        "target": {
            "file": "src/keys.c"
        }
    }
]