HSEC-2025-0006

Import Source
https://github.com/haskell/security-advisories/blob/generated/osv-export/2025/HSEC-2025-0006.json
JSON Data
https://api.osv.dev/v1/vulns/HSEC-2025-0006
Published
2025-11-17T02:22:38Z
Modified
2025-11-17T02:27:23.133734Z
Summary
Private key leak via inherited file descriptor
Details

Private key leak via inherited file descriptor

The X.509 key reading function readKeyFile opened a file descriptor to the private key file without setting the close-on-exec flag. If the process forked and execed a child while that descriptor was open, the child inherited the descriptor and could read the private key material through it.

Impact is limited to child processes that run untrusted code but do not close the file descriptors they inherit before doing so (the su(1) command is one example of such a child).

The leak was fixed by setting the close-on-exec flag on the descriptor on Unix-based systems. Note that the affected ranges below list a fixed version only for crypton-x509-store (1.6.12); no fixed version is listed for the older x509-store package.
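The following C program is added here as an illustration of the mechanism in POSIX terms; it is not code from x509-store, crypton-x509-store or the Haskell security team. It opens a constructed stand-in for a key file once with a plain open(2), as the vulnerable readKeyFile did, and once with O_CLOEXEC, then fork()s and exec()s /bin/sh as the "untrusted child" and checks whether that child can read the inherited descriptor. It assumes a Unix host with /bin/sh and a writable /tmp; the sample key text is made up and is not a real key.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed stand-in for the key material readKeyFile would load.
 * It is not a real key; only the header line is checked for below. */
static const char KEY_PEM[] =
    "-----BEGIN PRIVATE KEY-----\n"
    "CONSTRUCTED SAMPLE, NOT A REAL KEY\n"
    "-----END PRIVATE KEY-----\n";

/* Write the sample material to a fresh temp file under /tmp (assumed
 * writable) and return its path; the caller unlinks and frees it. */
char *write_sample_key(void) {
    char *path = strdup("/tmp/keyleak-XXXXXX");
    if (path == NULL) return NULL;
    int fd = mkstemp(path);
    if (fd < 0) { free(path); return NULL; }
    ssize_t len = (ssize_t)(sizeof KEY_PEM - 1);
    if (write(fd, KEY_PEM, (size_t)len) != len) {
        close(fd); unlink(path); free(path); return NULL;
    }
    close(fd);
    return path;
}

/* Vulnerable pattern: a plain open(2) leaves FD_CLOEXEC clear, so any
 * child exec'd while this descriptor is open inherits it. */
int open_key_leaky(const char *path) {
    return open(path, O_RDONLY);
}

/* Fixed pattern: O_CLOEXEC sets the flag atomically at open time. Calling
 * fcntl(fd, F_SETFD, FD_CLOEXEC) afterwards also works, but leaves a window
 * in which another thread can fork+exec between the open and the fcntl. */
int open_key_cloexec(const char *path) {
    return open(path, O_RDONLY | O_CLOEXEC);
}

/* Read the descriptor flag directly; this is what an audit would test. */
int has_cloexec(int fd) {
    int flags = fcntl(fd, F_GETFD);
    return flags >= 0 && (flags & FD_CLOEXEC) != 0;
}

/* Model the advisory's child: fork, then exec /bin/sh running `cat <&N`,
 * which tries to read descriptor N inherited from us and echo it to a pipe.
 * Returns 1 if the child obtained the key header, 0 if the descriptor was
 * closed across exec, -1 on a setup failure. */
int child_can_read_fd(int fd) {
    int pipefd[2];
    if (pipe(pipefd) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(pipefd[0]); close(pipefd[1]); return -1; }
    if (pid == 0) {
        char cmd[64];
        snprintf(cmd, sizeof cmd, "cat <&%d", fd);
        dup2(pipefd[1], STDOUT_FILENO);
        close(pipefd[0]);
        if (pipefd[1] != STDOUT_FILENO) close(pipefd[1]);
        /* Hide the shell's "Bad file descriptor" message in the closed case. */
        int devnull = open("/dev/null", O_WRONLY);
        if (devnull >= 0 && devnull != STDERR_FILENO) {
            dup2(devnull, STDERR_FILENO); close(devnull);
        }
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);
    }
    close(pipefd[1]);
    char buf[256];
    size_t total = 0;
    ssize_t n;
    while (total < sizeof buf - 1 &&
           (n = read(pipefd[0], buf + total, sizeof buf - 1 - total)) > 0)
        total += (size_t)n;
    buf[total] = '\0';
    close(pipefd[0]);
    waitpid(pid, NULL, 0);
    return strstr(buf, "BEGIN PRIVATE KEY") != NULL;
}

int main(void) {
    char *path = write_sample_key();
    if (path == NULL) return 1;
    int leaky = open_key_leaky(path);
    printf("plain open:     FD_CLOEXEC=%d child read key=%d\n",
           has_cloexec(leaky), child_can_read_fd(leaky));
    close(leaky);
    int fixed = open_key_cloexec(path);
    printf("open O_CLOEXEC: FD_CLOEXEC=%d child read key=%d\n",
           has_cloexec(fixed), child_can_read_fd(fixed));
    close(fixed);
    unlink(path);
    free(path);
    return 0;
}
```

Compiled with `cc -o keyleak keyleak.c` and run, the first line reports that the child read the key and the second that it did not. To audit a running process for the same condition on Linux, read /proc/<pid>/fdinfo/<fd>: the `flags` field is octal and includes O_CLOEXEC when the close-on-exec flag is set. On the spawning side, the CreateProcess record in Haskell's process package has a `close_fds` field that closes descriptors other than stdin, stdout and stderr in the child before exec; that is a caller-side mitigation independent of the library fix.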

Database specific
{
    "repository": "https://github.com/haskell/security-advisories",
    "osvs": "https://raw.githubusercontent.com/haskell/security-advisories/refs/heads/generated/osv-export",
    "home": "https://github.com/haskell/security-advisories"
}
References

Affected packages

Hackage / x509-store

Package

Name
x509-store
Purl
pkg:hackage/x509-store

Severity

  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.1

Affected versions

1.*

1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.5.0
1.6.0
1.6.1
1.6.2
1.6.3
1.6.4
1.6.5
1.6.6
1.6.7
1.6.8
1.6.9

Database specific

osv

"https://raw.githubusercontent.com/haskell/security-advisories/refs/heads/generated/osv-export/2025/HSEC-2025-0006.json"

human_link

"https://github.com/haskell/security-advisories/tree/main/advisories/published/2025/HSEC-2025-0006.md"

Hackage / crypton-x509-store

Package

Name
crypton-x509-store
Purl
pkg:hackage/crypton-x509-store

Severity

  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.6.9
Fixed
1.6.12

Affected versions

1.*

1.6.9
1.6.10
1.6.11

Database specific

osv

"https://raw.githubusercontent.com/haskell/security-advisories/refs/heads/generated/osv-export/2025/HSEC-2025-0006.json"

human_link

"https://github.com/haskell/security-advisories/tree/main/advisories/published/2025/HSEC-2025-0006.md"