5.3 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): ADJACENT_NETWORK
- Attack complexity (AC): HIGH
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): NONE
- Availability impact (A): NONE
Race condition exists in the key generation and rotation functionality
A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host.
References
- https://access.redhat.com/security/cve/CVE-2023-1672 x_refsource_REDHAT vdb-entry
- RHBZ#2180999 issue-tracking x_refsource_REDHAT
- https://github.com/latchset/tang/commit/8dbbed10870378f1b2c3cf3df2ea7edca7617096
- https://www.openwall.com/lists/oss-security/2023/06/15/1
- https://lists.debian.org/debian-lts-announce/2023/11/msg00004.html
Affected products
Matching in nixpkgs
pkgs.tango
Local command-line Japanese dictionary tool using yomichan's dictionary files
- nixos-unstable -
- nixpkgs-unstable 1.1.0
pkgs.md-tangle
Generates ("tangles") source code from Markdown documents
- nixos-unstable -
- nixpkgs-unstable 1.4.4
pkgs.rectangle
Move and resize windows in macOS using keyboard shortcuts or snap areas
- nixos-unstable -
- nixpkgs-unstable 0.90
pkgs.tangerine
System for creating 3D models procedurally from a set of Signed Distance Function (SDF) primitive shapes and combining operators
- nixos-unstable -
- nixpkgs-unstable 0-unstable-2024-04-05
pkgs.tangara-cli
Command-line tool for managing the Cool Tech Zone Tangara
- nixos-unstable -
- nixpkgs-unstable 0.4.3
pkgs.rectangle-pro
Move and resize windows in macOS using keyboard shortcuts or snap areas
- nixos-unstable -
- nixpkgs-unstable 3.0.37
pkgs.tangara-companion
Companion app for Cool Tech Zone Tangara
- nixos-unstable -
- nixpkgs-unstable 0.4.3
pkgs.haskellPackages.tangle
Heterogenous memoisation monad
- nixos-unstable -
- nixpkgs-unstable 0.1
pkgs.gnomeExtensions.rectangle
Magnet/Rectangle like manual tiling
- nixos-unstable -
- nixpkgs-unstable 27
pkgs.python312Packages.untangle
Convert XML documents into Python objects
- nixos-unstable -
- nixpkgs-unstable 1.2.1
pkgs.python313Packages.untangle
Convert XML documents into Python objects
- nixos-unstable -
- nixpkgs-unstable 1.2.1
pkgs.vscode-extensions.matangover.mypy
None
- nixos-unstable -
- nixpkgs-unstable 0.4.2
pkgs.python312Packages.rectangle-packer
Pack a set of rectangles into a bounding box with minimum area
- nixos-unstable -
- nixpkgs-unstable 2.0.4
pkgs.python313Packages.rectangle-packer
Pack a set of rectangles into a bounding box with minimum area
- nixos-unstable -
- nixpkgs-unstable 2.0.4
Package maintainers
- @ShamrockLee Yueh-Shun Li <shamrocklee@posteo.net>
- @honnip Jung seungwoo <me@honnip.page>
- @fedeinthemix Federico Beffa <beffa@fbengineering.ch>
- @arnoldfarkas Arnold Farkas <arnold.farkas@gmail.com>
- @Intuinewin Antoine Labarussias <antoinelabarussias@gmail.com>
- @wegank Weijia Wang <contact@weijia.wang>
- @emilytrau Emily Trau <emily+nix@downunderctf.com>
- @fpletz Franz Pletz <fpletz@fnordicwalking.de>
- @stevestreza Steve Streza <nixpkgs@stevestreza.com>
- @benpye Ben Pye <ben@curlybracket.co.uk>
- @viraptor Stanisław Pitucha <nix@viraptor.info>
- @donovanglover Donovan Glover
- @michaelgrahamevans Michael Evans <michaelgrahamevans@gmail.com>
- @Aleksanaa Aleksana QwQ <me@aleksana.moe>
- @austinbutler Austin Butler <austinabutler@gmail.com>
- @getchoo Seth Flynn <getchoo@tuta.io>
- @chuangzhu Chuang Zhu <nixos@chuang.cz>