Private key leak via inherited file descriptor

The X.509 key reading function readKeyFile opened a file descriptor to the private key without setting the close-on-exec flag. If a child process is execed at the same time, it would inherit that file descriptor and could read the private key material.

Impact is limited to child processes that run untrusted code, but that do not close inherited file descriptors. (For example, the su(1) command.)

This leak was fixed by setting the close-on-exec flag on unix-based systems.

Info

Published: November 17, 2025
Modified: November 17, 2025
CAPECs: < none >
CWEs: 403
Keywords: crypto
Aliases: < none >
Related: < none >
References: [FIX] https://github.com/kazu-yamamoto/crypton-certificate/commit/e353d450c381c9d6b903c4257927e0c89c97acb1

Affected

`x509-store`

CVSS: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Versions: >=0.1
Declarations: < none >

`crypton-x509-store`

CVSS: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Versions: >=1.6.9 && <1.6.12
Declarations: < none >

HSEC-2025-0006

Private key leak via inherited file descriptor

Info

Affected

x509-store

crypton-x509-store

`x509-store`

`crypton-x509-store`