CNNVD-202511-1319 Information

CNNVD ID

CNNVD-202511-1319

CVE-2025-64429

  • CNNVD Published: 2025-11-12

Description (Chinese)

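DuckDB is an in-process SQL OLAP database management system open-sourced by DuckDB. DuckDB versions 1.4.0 up to, but not including, 1.4.2 contain a cryptographic issue vulnerability. It stems from problems in the encryption implementation and may lead to key disclosure or bypass of integrity checks.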

Description (English)

DuckDB is an open-source, in-process SQL OLAP database management system from DuckDB. DuckDB versions from 1.4.0 up to, but not including, 1.4.2 contain an encryption vulnerability that stems from problems in the encryption implementation and may lead to disclosure of the key or circumvention of integrity checks.

Hazard Level

High

Vulnerability Type

Cryptographic Issues

Affected Vendor

DuckDB

Published

2025-11-12

Last Modified

2026-02-24

References

  • https://duckdb.org/2025/09/16/announcing-duckdb-140.html
  • https://github.com/duckdb/duckdb/blob/029a5b87ff5b1cd22f7f9717d48cd8830d00807c/src/common/random_engine.cpp#L20
  • https://github.com/duckdb/duckdb/pull/17275
  • https://github.com/duckdb/duckdb/security/advisories/GHSA-vmp8-hg63-v2hp

Patch

https://duckdb.org/install/
