CVE-2023-1672
published 2023-07-11CVE-2023-1672: A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys…
medium5.3CVSS 3.1
AVAACHPRNUINSUCHINAN
A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tang | < tang 11-2+deb12u1 (bookworm) | tang 11-2+deb12u1 (bookworm) |
| fedoraproject | fedora | — | — |
| msrc | cbl2_tang_14-1_on_cbl_mariner_2.0 | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| tang_project | tang | < 14 | 14 |
| tang_project | tang | >= 0 < 8-3+deb11u2 | 8-3+deb11u2 |
| tang_project | tang | >= 0 < 11-2+deb12u1 | 11-2+deb12u1 |
| tang_project | tang | >= 0 < 14-1 | 14-1 |
| tang_project | tang | >= 0 < 14-1 | 14-1 |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
osv5.3MEDIUM