CVE-2021-4076

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-4076
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-4076.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-4076
Downstream
Published
2022-03-02T23:15:09Z
Modified
2025-09-19T13:14:02.040900Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of private keys.

References

Affected packages

Git / github.com/latchset/tang

Affected ranges

Type
GIT
Repo
https://github.com/latchset/tang
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
e82459fda10f0630c3414ed2afbc6320bb9ea7c9

Affected versions

Other

v1
v10
v2
v3
v4
v5
v6
v7
v8
v9

Database specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "321797572174589311185280721370236285163",
                    "219769667748189783138691646782685952019",
                    "132120897176107703105723149812997661307",
                    "228571459031241612021813953457909281020",
                    "333155183931419958214339303597001515660",
                    "142432846293902357827796392072618620397",
                    "36818127767668096131097085253036704246",
                    "260498514133476251456968983631990732981",
                    "295113798126378960367708175393299910570",
                    "145739244979129595320092595439958970046",
                    "74233171872064277006537922218599543276",
                    "281373293986799396679349497865044966948",
                    "70117604069304535824810280700220952219",
                    "29383717379534866724731093523005525795",
                    "17571709610943419114721444398555145269",
                    "195943819114117558545208026242705711389",
                    "113098445392117747656105157736031535500",
                    "326096568519318242638522331926838303191",
                    "240534953806234096456311387736915732663",
                    "39207971571012342078727697227884050900"
                ]
            },
            "id": "CVE-2021-4076-19664f9a",
            "source": "https://github.com/latchset/tang/commit/e82459fda10f0630c3414ed2afbc6320bb9ea7c9",
            "signature_type": "Line",
            "signature_version": "v1",
            "target": {
                "file": "src/keys.c"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "136612934161186189206674997866259629427",
                "length": 815.0
            },
            "id": "CVE-2021-4076-c012c8ad",
            "source": "https://github.com/latchset/tang/commit/e82459fda10f0630c3414ed2afbc6320bb9ea7c9",
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "file": "src/keys.c",
                "function": "find_by_thp"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "149967995752714570335066650740858870954",
                "length": 277.0
            },
            "id": "CVE-2021-4076-f7dd0136",
            "source": "https://github.com/latchset/tang/commit/e82459fda10f0630c3414ed2afbc6320bb9ea7c9",
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "file": "src/keys.c",
                "function": "find_jws"
            },
            "deprecated": false
        }
    ]
}