{"id":"HSEC-2025-0006","summary":"Private key leak via inherited file descriptor","details":"# Private key leak via inherited file descriptor\n\nThe X.509 key reading function `readKeyFile` opened a file\ndescriptor to the private key without setting the *close-on-exec*\nflag. If a child process is `exec`ed at the same time, it would\ninherit that file descriptor and could read the private key\nmaterial.\n\nImpact is limited to child processes that run untrusted code, but\nthat do not close inherited file descriptors. (For example, the\n`su(1)` command.)\n\nThis leak was fixed by setting the *close-on-exec* flag on\nunix-based systems.\n","modified":"2025-11-17T02:27:23.133734Z","published":"2025-11-17T02:22:38Z","database_specific":{"osvs":"https://raw.githubusercontent.com/haskell/security-advisories/refs/heads/generated/osv-export","home":"https://github.com/haskell/security-advisories","repository":"https://github.com/haskell/security-advisories"},"references":[{"type":"FIX","url":"https://github.com/kazu-yamamoto/crypton-certificate/commit/e353d450c381c9d6b903c4257927e0c89c97acb1"}],"affected":[{"package":{"name":"x509-store","ecosystem":"Hackage","purl":"pkg:hackage/x509-store"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0.1"}]}],"versions":["1.4.0","1.4.1","1.4.2","1.4.3","1.4.4","1.5.0","1.6.0","1.6.1","1.6.2","1.6.3","1.6.4","1.6.5","1.6.6","1.6.7","1.6.8","1.6.9"],"database_specific":{"osv":"https://raw.githubusercontent.com/haskell/security-advisories/refs/heads/generated/osv-export/2025/HSEC-2025-0006.json","source":"https://github.com/haskell/security-advisories/blob/generated/osv-export/2025/HSEC-2025-0006.json","human_link":"https://github.com/haskell/security-advisories/tree/main/advisories/published/2025/HSEC-2025-0006.md"},"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}]},{"package":{"name":"crypton-x509-store","ecosystem":"Hackage","purl":"pkg:hackage/crypton-x509-store"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"1.6.9"},{"fixed":"1.6.12"}]}],"versions":["1.6.10","1.6.11","1.6.9"],"database_specific":{"osv":"https://raw.githubusercontent.com/haskell/security-advisories/refs/heads/generated/osv-export/2025/HSEC-2025-0006.json","source":"https://github.com/haskell/security-advisories/blob/generated/osv-export/2025/HSEC-2025-0006.json","human_link":"https://github.com/haskell/security-advisories/tree/main/advisories/published/2025/HSEC-2025-0006.md"},"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}],"schema_version":"1.7.5"}