CVE-2021-3623
published 2022-03-02
medium · 6.1 · CVSS 3.1
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to system availability.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libtpms | < libtpms 0.9.1-1 (bookworm) | libtpms 0.9.1-1 (bookworm) |
| fedoraproject | fedora | — | — |
| libtpms_project | libtpms | < 0.6.5 | 0.6.5 |
| libtpms_project | libtpms | — | — |
| libtpms_project | libtpms | >= 0 < 0.9.1-1 | 0.9.1-1 |
| libtpms_project | libtpms | >= 0 < 0.9.1-1 | 0.9.1-1 |
| libtpms_project | libtpms | >= 0 < 0.9.1-1 | 0.9.1-1 |
| libtpms_project | libtpms | >= 0.7.0 < 0.7.8 | 0.7.8 |
| libtpms_project | libtpms | >= 0.8.0 < 0.8.4 | 0.8.4 |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvd · v3.1 · 6.1 · MEDIUM · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
osv · 6.1 · MEDIUM
Red Hat
libtpms: out-of-bounds access when trying to resume the state of the vTPM
vendor_redhat·2021-06-21·CVSS 6.1
CVE-2021-3623 [MEDIUM] CWE-787 libtpms: out-of-bounds access when trying to resume the state of the vTPM
A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to system availability.
Statement: The versions of `libtpms` as shipped with Red Hat Enterprise Linux 8 Advanced Virt
Debian
CVE-2021-3623: libtpms - A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM ...
vendor_debian·2021·CVSS 6.1
CVE-2021-3623 [MEDIUM] CVE-2021-3623: libtpms - A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM ...
A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to system availability.
Scope: local
bookworm: resolved (fixed in 0.9.1-1)
forky: resolved (fixed in 0.9.1-1)
sid: resolved (fixed in 0.9.1-1)
trixie: resolved (fixed in 0.9.1-1)
GHSA
GHSA-6527-9qhc-39j4: A flaw was found in libtpms
ghsa_unreviewed·2022-03-04
CVE-2021-3623 [HIGH] CWE-787 GHSA-6527-9qhc-39j4: A flaw was found in libtpms
A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to system availability.
OSV
CVE-2021-3623: A flaw was found in libtpms
osv·2022-03-02·CVSS 6.1
CVE-2021-3623 [MEDIUM] CVE-2021-3623: A flaw was found in libtpms
A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to system availability.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://bugzilla.redhat.com/show_bug.cgi?id=1976806
https://github.com/stefanberger/libtpms/commit/2e6173c
https://github.com/stefanberger/libtpms/commit/2f30d62
https://github.com/stefanberger/libtpms/commit/7981d9a
https://github.com/stefanberger/libtpms/pull/223
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7KZSYMTE7Z4BBEZUWO2DIMQDWMGEP46/