Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.3
CVSSv3

CVE-2023-1672

Published: 11/07/2023 Updated: 07/11/2023
CVSS v3 Base Score: 5.3 | Impact Score: 3.6 | Exploitability Score: 1.6
VMScore: 0
Subscribe to Tang Project

Vulnerability Summary

A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host.

Vulnerable Product Search on Vulmon Subscribe to Product

tang project tang

fedoraproject fedora 38

redhat enterprise linux 8.0

redhat enterprise linux 9.0

Vendor Advisories

Debian CVElist Bug Report Logs: tang: CVE-2023-1672
Debian Bug report logs - #1038119 tang: CVE-2023-1672 Package: src:tang; Maintainer for src:tang is Christoph Biedl <debianaxhn@manchmalin-ulmde>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 15 Jun 2023 15:57:01 UTC Severity: important Tags: security, upstream Found in version tang/11-2 ...
Red Hat: Moderate: tang security update
Synopsis Moderate: tang security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for tang is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as having a security ...
Red Hat: Moderate: tang security and bug fix update
概要 Moderate: tang security and bug fix update タイプ/重大度 Security Advisory: Moderate Red Hat Insights パッチ分析 このアドバイザリーの影響を受けるシステムを特定し、修正します。 影響を受けるシステムの表示 トピック An update for tang is now available for Red Hat Enterpri ...
Red Hat:
Description<!---->A race condition exists in the Tang server functionality for key generation and key rotation This flaw results in a small time window where Tang private keys become readable by other processes on the same hostA race condition exists in the Tang server functionality for key generation and key rotation This flaw results in a smal ...

References

CWE-362https://access.redhat.com/security/cve/CVE-2023-1672https://www.openwall.com/lists/oss-security/2023/06/15/1https://bugzilla.redhat.com/show_bug.cgi?id=2180999https://github.com/latchset/tang/commit/8dbbed10870378f1b2c3cf3df2ea7edca7617096https://lists.debian.org/debian-lts-announce/2023/11/msg00004.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038119https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2023-1672
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700CVE-2022-48689CVE-2024-27956CVE-2023-6363SQLNULL pointer dereferenceCVE-2023-41830CVE-2015-2051arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook