Hackers' Pub

Syntax	Description	Examples
`"` keyword `"`	Finds the string within quotes, including spaces. Case-insensitive. (Escape quotes inside with `\"`)	`"Hackers' Pub"`
`from:` handle	Finds content written by the specified user.	`from:hongminhee` `from:hongminhee@hollo.social`
`lang:` ISO 639-1	Finds content written in the specified language.	`lang:en`
`#` tag	Finds content with the specified tag. Case-insensitive.	`#HackersPub`
condition condition	Finds content that satisfies both conditions on either side of the space (logical AND).	`"Hackers' Pub" lang:en`
condition `OR` condition	Finds content that satisfies at least one of the conditions on either side of the OR operator (logical OR).	`#HackersPub OR "Hackers' Pub" lang:en`
`(` condition `)`	Combines the operators within the parentheses first.	`(#HackersPub OR "Hackers' Pub" OR "Hackers Pub") lang:en`

cR0w @cR0w@infosec.exchange

11/12/2025, 9:43:42 PM

Public

Crypto vulns in DuckDB. I don't have a deep understanding of cryptography but these ones are pretty simple to grasp.

https://github.com/duckdb/duckdb/security/advisories/GHSA-vmp8-hg63-v2hp

The DuckDB can fall back to an insecure random number generator (pcg32) to generate cryptographic keys or IVs.
When clearing keys from memory, the compiler may remove the memset() and leave sensitive data on the heap
By modifying the database header, an attacker could downgrade the encryption mode from GCM to CTR to bypass integrity checks.
Failure to check return value on call to OpenSSL rand_bytes()

Vulnerabilities in DuckDB Encryption Crypto implementation

### Summary DuckDB implemented block-based encryption of DB on the filesystem with this PR: https://github.com/duckdb/duckdb/pull/17275 which got included in the DuckDB 1.4.0 according to https:/...

github.com · GitHub

If you have a fediverse account, you can quote this note from your own instance. Search https://infosec.exchange/users/cR0w/statuses/115538907813665068 on your instance and quote it. (Note that quoting is not supported in Mastodon.)