CVE-2023-1672

A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host.

References

Affected packages

Git / github.com/latchset/tang

Affected ranges

Type: GIT
Repo: https://github.com/latchset/tang
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

8dbbed10870378f1b2c3cf3df2ea7edca7617096

Affected versions

Other

v10

v11

v12

v13

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "149947170351878071834100038294147802107",
            "length": 863.0
        },
        "target": {
            "file": "src/keys.c",
            "function": "create_new_keys"
        },
        "source": "https://github.com/latchset/tang/commit/8dbbed10870378f1b2c3cf3df2ea7edca7617096",
        "id": "CVE-2023-1672-c6f7fc11",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "290682886615114646841198991571939427789",
                "191331018568499987420945389041944099685",
                "100594790634125479673057945341284191592",
                "121505816812480176417552743829426362398"
            ]
        },
        "target": {
            "file": "src/keys.c"
        },
        "source": "https://github.com/latchset/tang/commit/8dbbed10870378f1b2c3cf3df2ea7edca7617096",
        "id": "CVE-2023-1672-d128fd0c",
        "deprecated": false,
        "signature_version": "v1"
    }
]