CVE-2023-1672: Race Condition in Project Tang

CWE-362: Race Condition | 8 documents | 8 sources
Severity: 5.3 MEDIUM (NVD)
EPSS: 0.0% (top 92.19%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 11; latest update Nov 20

Description

A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host.

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.6 | Impact: 3.6

Affected Packages (2 packages)

Debian: tang_project/tang < 8-3+deb11u2+3

Also affects: Fedora 38, Enterprise Linux 8.0, 9.0

Patches

Vulnerability Details (3)

GHSA: GHSA-9wgp-4vcq-75qr: A race condition exists in the Tang server functionality for key generation and key rotation (2023-07-11)
CVEList: Race condition exists in the key generation and rotation functionality (2023-07-11)
OSV: CVE-2023-1672: A race condition exists in the Tang server functionality for key generation and key rotation (2023-07-11)

Vendor Advisories (4)

Ubuntu: Tang vulnerability (2023-11-20)
Microsoft: Race condition exists in the key generation and rotation functionality (2023-07-11)
Red Hat: tang: Race condition exists in the key generation and rotation functionality (2023-06-07)
Debian: CVE-2023-1672: tang - A race condition exists in the Tang server functionality for key generation and ... (2023)