A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/1xxx/CVE-2023-1672.json",
"cna_assigner": "redhat",
"cwe_ids": [
"CWE-362"
]
}{
"source": [
"CPE_RANGE",
"REFERENCES"
],
"cpe": "cpe:2.3:a:tang_project:tang:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "14"
}
]
}"2026-07-09T06:02:14Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-1672.json"
[
{
"id": "CVE-2023-1672-c6f7fc11",
"digest": {
"function_hash": "149947170351878071834100038294147802107",
"length": 863.0
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/latchset/tang/commit/8dbbed10870378f1b2c3cf3df2ea7edca7617096",
"deprecated": false,
"target": {
"function": "create_new_keys",
"file": "src/keys.c"
}
},
{
"id": "CVE-2023-1672-d128fd0c",
"digest": {
"line_hashes": [
"290682886615114646841198991571939427789",
"191331018568499987420945389041944099685",
"100594790634125479673057945341284191592",
"121505816812480176417552743829426362398"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/latchset/tang/commit/8dbbed10870378f1b2c3cf3df2ea7edca7617096",
"deprecated": false,
"target": {
"file": "src/keys.c"
}
}
]