CVE-2025-64429
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-12

Last updated on: 2025-11-25

Assigner: GitHub, Inc.

Description
DuckDB is a SQL database management system. DuckDB implemented block-based encryption of DB on the filesystem starting with DuckDB 1.4.0. There are a few issues related to this implementation. The DuckDB can fall back to an insecure random number generator (pcg32) to generate cryptographic keys or IVs. When clearing keys from memory, the compiler may remove the memset() and leave sensitive data on the heap. By modifying the database header, an attacker could downgrade the encryption mode from GCM to CTR to bypass integrity checks. There may be a failure to check return value on call to OpenSSL `rand_bytes()`. An attacker could use public IVs to compromise the internal state of RNG and determine the randomly generated key used to encrypt temporary files, get access to cryptographic keys if they have access to process memory (e.g. through memory leak),circumvent GCM integrity checks, and/or influence the OpenSSL random number generator and DuckDB would not be able to detect a failure of the generator. Version 1.4.2 has disabled the insecure random number generator by no longer using the fallback to write to or create databases. Instead, DuckDB will now attempt to install and load the OpenSSL implementation in the `httpfs` extension. DuckDB now uses secure MbedTLS primitive to clear memory as recommended and requires explicit specification of ciphers without integrity checks like CTR on `ATTACH`. Additionally, DuckDB now checks the return code.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-12
Last Modified
2025-11-25
Generated
2026-05-07
AI Q&A
2025-11-13
EPSS Evaluated
2026-05-05
NVD
CVE-2025-64429
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
duckdb duckdb From 1.4.0 (inc) to 1.4.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-327 The product uses a broken or risky cryptographic algorithm or protocol.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves DuckDB's block-based encryption implementation starting from version 1.4.0. DuckDB could fall back to an insecure random number generator (pcg32) for generating cryptographic keys or IVs, which is weak. The compiler might remove memory clearing calls (memset), leaving sensitive keys in memory. Attackers could downgrade encryption from GCM to CTR mode by modifying the database header, bypassing integrity checks. There may also be failures to check OpenSSL's rand_bytes() return values, allowing attackers to compromise the RNG state, recover encryption keys from memory leaks, and circumvent integrity protections. Version 1.4.2 addresses these issues by disabling the insecure RNG fallback, using secure memory clearing, requiring explicit cipher specification, and checking return codes.


How can this vulnerability impact me? :

This vulnerability can allow attackers to recover cryptographic keys used to encrypt database files, bypass integrity checks, and potentially access or manipulate sensitive data stored in DuckDB databases. If an attacker can access process memory or modify database headers, they could decrypt or tamper with data that should be protected, leading to data breaches or data integrity violations.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, upgrade DuckDB to version 1.4.2 or later, as this version disables the insecure random number generator fallback, uses secure MbedTLS primitives to clear memory, requires explicit specification of ciphers without integrity checks like CTR on ATTACH, and checks return codes properly. Additionally, ensure that the OpenSSL implementation is installed and loaded in the httpfs extension as DuckDB now attempts to do.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart