PT-2025-55202 · Hackage · Crypton-X509-Store+1
Published: 2025-11-17 · Updated: 2025-11-17
Private key leak via inherited file descriptor
The X.509 key reading function readKeyFile opened a file descriptor to the private key without setting the close-on-exec flag. If a child process is execed at the same time, it would inherit that file descriptor and could read the private key material.

Impact is limited to child processes that run untrusted code, but that do not close inherited file descriptors. (For example, the su(1) command.)

This leak was fixed by setting the close-on-exec flag on Unix-based systems.
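
The descriptor inheritance described above can be observed directly at the operating-system level. The following Python example is added here for illustration and is not code from the affected Haskell packages or from this advisory; the key bytes, the helper name child_reads_key and the child script are constructed, and a Unix-like system is assumed.

```python
import os
import subprocess
import sys
import tempfile

# Constructed stand-in for private key material; not a real key.
FAKE_KEY = b"-----BEGIN PRIVATE KEY-----\nCONSTRUCTED-SAMPLE\n-----END PRIVATE KEY-----\n"

# Child program: it never opens the key file itself, it only tries to read
# from a descriptor number it may have inherited across exec.
CHILD = (
    "import os, sys\n"
    "try:\n"
    "    data = os.pread(int(sys.argv[1]), 4096, 0)\n"
    "except OSError:\n"
    "    sys.exit(9)  # descriptor was closed at exec\n"
    "sys.stdout.buffer.write(data)\n"
)


def child_reads_key(close_on_exec):
    """Exec a child while the key fd is open; return what it read, or None."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(FAKE_KEY)
    # Python already opens descriptors close-on-exec; the flag is spelled out here.
    fd = os.open(tmp.name, os.O_RDONLY | os.O_CLOEXEC)
    try:
        if not close_on_exec:
            # Clear FD_CLOEXEC to model a descriptor opened without the flag.
            os.set_inheritable(fd, True)
        # close_fds=False models a launcher that does not close inherited fds.
        proc = subprocess.run(
            [sys.executable, "-c", CHILD, str(fd)],
            close_fds=False, capture_output=True,
        )
    finally:
        os.close(fd)
        os.unlink(tmp.name)
    return proc.stdout if proc.returncode == 0 else None


if __name__ == "__main__":
    print("without close-on-exec:", child_reads_key(False))
    print("with close-on-exec:   ", child_reads_key(True))
```

On Linux, listing /proc/<pid>/fd for a long-running child is a quick way to audit which descriptors it inherited.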
Affected Products
Crypton-X509-Store
X509-Store