{"id":"CVE-2021-4076","details":"A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of private keys.","modified":"2026-04-12T02:00:18.595554Z","published":"2022-03-02T23:15:09.187Z","references":[{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2029814"},{"type":"FIX","url":"https://github.com/latchset/tang/commit/e82459fda10f0630c3414ed2afbc6320bb9ea7c9"},{"type":"FIX","url":"https://github.com/latchset/tang/pull/81"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/latchset/tang","events":[{"introduced":"95d482256f2d44bd6819df4e41a278937a9827b5"},{"fixed":"e2059ee1109510a7c14b099af7dcd8631e598270"},{"fixed":"e82459fda10f0630c3414ed2afbc6320bb9ea7c9"}],"database_specific":{"cpe":"cpe:2.3:a:tang_project:tang:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"8"},{"fixed":"11"}],"source":["CPE_FIELD","REFERENCES"]}}],"versions":["v10","v8","v9"],"database_specific":{"vanir_signatures_modified":"2026-04-12T02:00:18Z","vanir_signatures":[{"digest":{"line_hashes":["321797572174589311185280721370236285163","219769667748189783138691646782685952019","132120897176107703105723149812997661307","228571459031241612021813953457909281020","333155183931419958214339303597001515660","142432846293902357827796392072618620397","36818127767668096131097085253036704246","260498514133476251456968983631990732981","295113798126378960367708175393299910570","145739244979129595320092595439958970046","74233171872064277006537922218599543276","281373293986799396679349497865044966948","70117604069304535824810280700220952219","29383717379534866724731093523005525795","17571709610943419114721444398555145269","195943819114117558545208026242705711389","113098445392117747656105157736031535500","326096568519318242638522331926838303191","240534953806234096456311387736915732663","39207971571012342078727697227884050900"],"threshold":0.9},"signature_version":"v1","target":{"file":"src/keys.c"},"source":"https://github.com/latchset/tang/commit/e82459fda10f0630c3414ed2afbc6320bb9ea7c9","signature_type":"Line","id":"CVE-2021-4076-19664f9a","deprecated":false},{"digest":{"length":815,"function_hash":"136612934161186189206674997866259629427"},"signature_version":"v1","target":{"file":"src/keys.c","function":"find_by_thp"},"source":"https://github.com/latchset/tang/commit/e82459fda10f0630c3414ed2afbc6320bb9ea7c9","signature_type":"Function","id":"CVE-2021-4076-c012c8ad","deprecated":false},{"digest":{"length":277,"function_hash":"149967995752714570335066650740858870954"},"signature_version":"v1","target":{"file":"src/keys.c","function":"find_jws"},"source":"https://github.com/latchset/tang/commit/e82459fda10f0630c3414ed2afbc6320bb9ea7c9","signature_type":"Function","id":"CVE-2021-4076-f7dd0136","deprecated":false}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-4076.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}