CVE-2026-32953
Buffer Index Error in Tillitis TKey Client Causes Key Collision
Publication date: 2026-03-20
Last updated on: 2026-04-16
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tillitis | tkey_client | to 1.3.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-303 | The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-32953 is a vulnerability in the Tillitis tkeyclient Go package versions 1.2.0 and below. It is caused by a buffer index error in the handling of User Supplied Secrets (USS) during the generation of Compound Device Identifiers (CDI). Specifically, one out of every 256 USS values is silently ignored because the code overwrites a boolean flag indicating USS usage with the first byte of the USS digest. If this first byte is zero, the USS is effectively discarded, resulting in the same CDI as if no USS was provided.
This bug leads to key collisions where different USS inputs produce identical keys, weakening the security of the system. The issue was fixed in version 1.3.0 by correcting the buffer indexing and ensuring the boolean flag is preserved while copying the USS digest correctly.
How can this vulnerability impact me? :
This vulnerability can impact you by causing some User Supplied Secrets to be ignored, which results in generating identical cryptographic keys (Compound Device Identifiers) for different USS inputs. This weakens the uniqueness and integrity of the keys.
The impact includes low confidentiality, integrity, and availability on the vulnerable system itself, but it has a high impact on any subsequent systems or processes that rely on these compromised keys for security.
Exploitation requires physical access to the device but no privileges or user interaction. The recommended mitigation is to upgrade to version 1.3.0 or, if unable to upgrade immediately, to use a USS whose hash does not start with a zero byte.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is related to the Tillitis tkeyclient Go module and affects the handling of User Supplied Secrets (USS) during key generation. Detection involves verifying the version of the tkeyclient package in use and checking if it is version 1.2.0 or below, which are vulnerable.
Since the issue is a protocol implementation bug causing certain USS inputs to be ignored, detection on a network or system would primarily involve checking the software version and possibly testing the behavior with USS values whose hash starts with 0x00.
No specific network commands or system commands are provided in the available resources to detect the vulnerability directly.
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'The primary mitigation step is to upgrade the tkeyclient Go module to version 1.3.0 or later, where the vulnerability has been fixed by correcting the buffer indexing and USS digest handling.'}, {'type': 'paragraph', 'content': "If upgrading immediately is not possible, users should switch to a User Supplied Secret (USS) whose hash does not begin with a zero byte (0x00) to avoid the vulnerability's effect."}, {'type': 'paragraph', 'content': 'Additionally, the new version introduces an option function WithFullUss() to be used with the Connect() method, which can help mitigate the issue by enforcing full USS digest usage.'}] [1, 2, 3]