DuckDB
cpe:2.3:a:duckdb:duckdb:*:*:*:*:*:*:*
- >= 1.4.0, < 1.4.2
A vulnerability in DuckDB's block-based database encryption, introduced in version 1.4.0, can expose cryptographic keys and allow integrity checks to be bypassed. Several weaknesses combine: cryptographic keys and initialization vectors (IVs) were generated with pcg32, a statistical pseudo-random number generator that is not cryptographically secure; the memory-clearing operations meant to wipe key material could be optimized out by the compiler, leaving keys in process memory; the encryption mode recorded in the database header could be downgraded by modifying that header; and the return value of OpenSSL's RAND_bytes() was not checked, so a failed call could leave key material uninitialized and predictable. An attacker could exploit these weaknesses to recover cryptographic keys from process memory, circumvent integrity checks, and influence the random number generator's state so that it yields deterministic key values.
Exploitation could allow an attacker to recover the keys used to encrypt temporary files, bypass the integrity protection of the GCM encryption mode, and manipulate the OpenSSL random number generator so that it produces predictable keys. For DuckDB, this could result in unauthorized access to encrypted database files or in modifications to database content that the integrity check no longer detects.
Users should upgrade to DuckDB version 1.4.2, which addresses these weaknesses by no longer using the insecure random number generator for cryptographic material, clearing key material with a method the compiler cannot optimize away, requiring that a cipher without integrity checks be specified explicitly for the operations that allow it rather than accepted from the database header, and checking the return values of cryptographic function calls.
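The following is an added example, not DuckDB's code or the 1.4.2 fix itself. It shows three of the weaknesses above in isolation in C++: a key derived from pcg32 is reproducible from its seed (the seed range that is searched is an assumption of the example, not a statement about how DuckDB seeded its generator), a plain memset() of key material that is never read again is a dead store the optimizer may remove, and a RAND_bytes-style call must have its return value checked. The names KeyFromPcg32, RecoverSeed, SecureZero, FillKey and FailingRand are this example's own.

```cpp
// Added illustration, not DuckDB's code. Shows three of the weakness classes
// named in the advisory in isolation: a pcg32-derived key is reproducible from
// its seed, a plain memset of dead key material may be dropped by the
// optimizer, and an unchecked RAND_bytes-style return value hides failure.
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstring>

// Reference PCG32 (pcg32_random_r / pcg32_srandom_r from pcg-random.org):
// 64-bit state, 32-bit output. A statistical PRNG, not a CSPRNG.
struct Pcg32 {
    uint64_t state;
    uint64_t inc;
    Pcg32(uint64_t seed, uint64_t seq) : state(0), inc((seq << 1u) | 1u) {
        Next();
        state += seed;
        Next();
    }
    uint32_t Next() {
        uint64_t old = state;
        state = old * 6364136223846793005ULL + inc;
        uint32_t xorshifted = static_cast<uint32_t>(((old >> 18u) ^ old) >> 27u);
        uint32_t rot = static_cast<uint32_t>(old >> 59u);
        return (xorshifted >> rot) | (xorshifted << ((32u - rot) & 31u));
    }
};

using Key = std::array<uint8_t, 32>;  // AES-256 key size

// Weakness 1: a 256-bit key whose only entropy is the 64-bit seed (stream id
// fixed here). Anything that narrows the seed makes the whole key recoverable.
Key KeyFromPcg32(uint64_t seed) {
    Pcg32 rng(seed, 0);
    Key key{};
    for (size_t i = 0; i < key.size(); i += 4) {
        uint32_t word = rng.Next();
        std::memcpy(&key[i], &word, sizeof word);
    }
    return key;
}

// Attacker side: brute-force a seed from an assumed small range (e.g. a
// timestamp window). The range is this example's assumption, not a DuckDB fact.
bool RecoverSeed(const Key& observed, uint64_t lo, uint64_t hi, uint64_t& out) {
    for (uint64_t s = lo; s < hi; ++s) {
        if (KeyFromPcg32(s) == observed) {
            out = s;
            return true;
        }
    }
    return false;
}

// Weakness 2: memset() on a buffer that is never read again is a dead store,
// which the optimizer is allowed to delete. Writing through a volatile pointer
// forces every store to happen. memset_s(), explicit_bzero() and
// OPENSSL_cleanse() are library equivalents.
void SecureZero(void* p, size_t n) {
    volatile uint8_t* vp = static_cast<volatile uint8_t*>(p);
    while (n--) *vp++ = 0;
}

bool IsAllZero(const uint8_t* p, size_t n) {
    uint8_t acc = 0;
    for (size_t i = 0; i < n; ++i) acc |= p[i];
    return acc == 0;
}

// Weakness 3: OpenSSL's RAND_bytes(buf, num) returns 1 on success and 0 or -1
// on failure, leaving buf unchanged. The generator is passed in so this builds
// without OpenSSL; in real code pass RAND_bytes itself and treat != 1 as fatal.
using RandFn = int (*)(unsigned char*, int);

bool FillKey(RandFn rand_bytes, Key& key) {
    return rand_bytes(key.data(), static_cast<int>(key.size())) == 1;
}

// Constructed stand-in for a DRBG call that fails (e.g. generator not seeded).
int FailingRand(unsigned char*, int) { return 0; }
```

The header-downgrade weakness is not modelled here because the advisory does not describe the header layout; the corresponding defence is the one the fix takes, refusing a mode without integrity protection unless the caller asks for it explicitly.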