hsec-2025-0006
Vulnerability from osv_haskell
Published
2025-11-17 02:22
Modified
2025-11-17 02:22
Summary
Private key leak via inherited file descriptor
Details
Private key leak via inherited file descriptor
The X.509 key reading function readKeyFile opened a file
descriptor to the private key without setting the close-on-exec
flag. If a child process is execed at the same time, it would
inherit that file descriptor and could read the private key
material.
Impact is limited to child processes that run untrusted code, but
that do not close inherited file descriptors. (For example, the
su(1) command.)
This leak was fixed by setting the close-on-exec flag on unix-based systems.
{
"affected": [
{
"database_specific": {
"human_link": "https://github.com/haskell/security-advisories/tree/main/advisories/published/2025/HSEC-2025-0006.md",
"osv": "https://raw.githubusercontent.com/haskell/security-advisories/refs/heads/generated/osv-export/2025/HSEC-2025-0006.json"
},
"package": {
"ecosystem": "Hackage",
"name": "x509-store"
},
"ranges": [
{
"events": [
{
"introduced": "0.1"
}
],
"type": "ECOSYSTEM"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
},
{
"database_specific": {
"human_link": "https://github.com/haskell/security-advisories/tree/main/advisories/published/2025/HSEC-2025-0006.md",
"osv": "https://raw.githubusercontent.com/haskell/security-advisories/refs/heads/generated/osv-export/2025/HSEC-2025-0006.json"
},
"package": {
"ecosystem": "Hackage",
"name": "crypton-x509-store"
},
"ranges": [
{
"events": [
{
"introduced": "1.6.9"
},
{
"fixed": "1.6.12"
}
],
"type": "ECOSYSTEM"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
],
"database_specific": {
"home": "https://github.com/haskell/security-advisories",
"osvs": "https://raw.githubusercontent.com/haskell/security-advisories/refs/heads/generated/osv-export",
"repository": "https://github.com/haskell/security-advisories"
},
"details": "# Private key leak via inherited file descriptor\n\nThe X.509 key reading function `readKeyFile` opened a file\ndescriptor to the private key without setting the *close-on-exec*\nflag. If a child process is `exec`ed at the same time, it would\ninherit that file descriptor and could read the private key\nmaterial.\n\nImpact is limited to child processes that run untrusted code, but\nthat do not close inherited file descriptors. (For example, the\n`su(1)` command.)\n\nThis leak was fixed by setting the *close-on-exec* flag on\nunix-based systems.\n",
"id": "HSEC-2025-0006",
"modified": "2025-11-17T02:22:38Z",
"published": "2025-11-17T02:22:38Z",
"references": [
{
"type": "FIX",
"url": "https://github.com/kazu-yamamoto/crypton-certificate/commit/e353d450c381c9d6b903c4257927e0c89c97acb1"
}
],
"schema_version": "1.5.0",
"summary": "Private key leak via inherited file descriptor"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…