CVE-2021-4076

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-4076
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-4076.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-4076
Downstream
Published
2022-03-02T23:15:09Z
Modified
2025-10-15T13:17:42.278966Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of private keys.

References

Affected packages

Git / github.com/latchset/tang

Affected ranges

Type
GIT
Repo
https://github.com/latchset/tang
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
e82459fda10f0630c3414ed2afbc6320bb9ea7c9

Affected versions

Other

v1
v10
v2
v3
v4
v5
v6
v7
v8
v9

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/latchset/tang/commit/e82459fda10f0630c3414ed2afbc6320bb9ea7c9",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "321797572174589311185280721370236285163",
                "219769667748189783138691646782685952019",
                "132120897176107703105723149812997661307",
                "228571459031241612021813953457909281020",
                "333155183931419958214339303597001515660",
                "142432846293902357827796392072618620397",
                "36818127767668096131097085253036704246",
                "260498514133476251456968983631990732981",
                "295113798126378960367708175393299910570",
                "145739244979129595320092595439958970046",
                "74233171872064277006537922218599543276",
                "281373293986799396679349497865044966948",
                "70117604069304535824810280700220952219",
                "29383717379534866724731093523005525795",
                "17571709610943419114721444398555145269",
                "195943819114117558545208026242705711389",
                "113098445392117747656105157736031535500",
                "326096568519318242638522331926838303191",
                "240534953806234096456311387736915732663",
                "39207971571012342078727697227884050900"
            ]
        },
        "target": {
            "file": "src/keys.c"
        },
        "id": "CVE-2021-4076-19664f9a"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/latchset/tang/commit/e82459fda10f0630c3414ed2afbc6320bb9ea7c9",
        "signature_type": "Function",
        "digest": {
            "function_hash": "136612934161186189206674997866259629427",
            "length": 815.0
        },
        "target": {
            "function": "find_by_thp",
            "file": "src/keys.c"
        },
        "id": "CVE-2021-4076-c012c8ad"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/latchset/tang/commit/e82459fda10f0630c3414ed2afbc6320bb9ea7c9",
        "signature_type": "Function",
        "digest": {
            "function_hash": "149967995752714570335066650740858870954",
            "length": 277.0
        },
        "target": {
            "function": "find_jws",
            "file": "src/keys.c"
        },
        "id": "CVE-2021-4076-f7dd0136"
    }
]