{"id":"CVE-2023-1672","details":"A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host.","modified":"2026-03-14T11:57:53.462224Z","published":"2023-07-11T12:15:09.520Z","related":["ALSA-2023:6492","ALSA-2023:7022"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/11/msg00004.html"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2023-1672"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2180999"},{"type":"FIX","url":"https://github.com/latchset/tang/commit/8dbbed10870378f1b2c3cf3df2ea7edca7617096"},{"type":"EVIDENCE","url":"https://www.openwall.com/lists/oss-security/2023/06/15/1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/latchset/tang","events":[{"introduced":"0"},{"fixed":"100265e32f56e33c8120fca83de419155ac8db5e"},{"fixed":"8dbbed10870378f1b2c3cf3df2ea7edca7617096"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"14"}]}}],"versions":["v1","v10","v11","v12","v13","v2","v3","v4","v5","v6","v7","v8","v9"],"database_specific":{"vanir_signatures":[{"digest":{"length":863,"function_hash":"149947170351878071834100038294147802107"},"source":"https://github.com/latchset/tang/commit/8dbbed10870378f1b2c3cf3df2ea7edca7617096","id":"CVE-2023-1672-c6f7fc11","signature_type":"Function","signature_version":"v1","target":{"file":"src/keys.c","function":"create_new_keys"},"deprecated":false},{"digest":{"threshold":0.9,"line_hashes":["290682886615114646841198991571939427789","191331018568499987420945389041944099685","100594790634125479673057945341284191592","121505816812480176417552743829426362398"]},"source":"https://github.com/latchset/tang/commit/8dbbed10870378f1b2c3cf3df2ea7edca7617096","id":"CVE-2023-1672-d128fd0c","signature_type":"Line","signature_version":"v1","target":{"file":"src/keys.c"},"deprecated":false}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"38"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-1672.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}