CVE-2021-3746
published 2021-10-19CVE-2021-3746: A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2…
medium6.5CVSS 3.1
AVNACLPRNUIRSUCNINAH
A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2's volatile state is written. The highest threat from this vulnerability is to system availability. This issue affects libtpms versions before 0.8.5, before 0.7.9 and before 0.6.6.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libtpms | < libtpms 0.9.1-1 (bookworm) | libtpms 0.9.1-1 (bookworm) |
| fedoraproject | fedora | — | — |
| libtpms_project | libtpms | — | — |
| libtpms_project | libtpms | >= 0 < 0.9.1-1 | 0.9.1-1 |
| libtpms_project | libtpms | >= 0 < 0.9.1-1 | 0.9.1-1 |
| libtpms_project | libtpms | >= 0 < 0.9.1-1 | 0.9.1-1 |
| libtpms_project | libtpms | >= 0.6.0 < 0.6.6 | 0.6.6 |
| libtpms_project | libtpms | >= 0.7.0 < 0.7.9 | 0.7.9 |
| libtpms_project | libtpms | >= 0.8.0 < 0.8.5 | 0.8.5 |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv6.5MEDIUM
Red Hat
libtpms: out-of-bounds access via specially crafted TPM 2 command packets
vendor_redhat·2021-08-04·CVSS 6.5
CVE-2021-3746 [MEDIUM] CWE-119 libtpms: out-of-bounds access via specially crafted TPM 2 command packets
libtpms: out-of-bounds access via specially crafted TPM 2 command packets
A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2's volatile state is written. The highest threat from this vulnerability is to system availability. This issue affects libtpms versions before 0.8.5, before 0.7.9 and before 0.6.6.
A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2's volatile state is written. The highest threat from this vulnerability is to system ava
Debian
CVE-2021-3746: libtpms - A flaw was found in the libtpms code that may cause access beyond the boundary o...
vendor_debian·2021·CVSS 6.5
CVE-2021-3746 [MEDIUM] CVE-2021-3746: libtpms - A flaw was found in the libtpms code that may cause access beyond the boundary o...
A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2's volatile state is written. The highest threat from this vulnerability is to system availability. This issue affects libtpms versions before 0.8.5, before 0.7.9 and before 0.6.6.
Scope: local
bookworm: resolved (fixed in 0.9.1-1)
forky: resolved (fixed in 0.9.1-1)
sid: resolved (fixed in 0.9.1-1)
trixie: resolved (fixed in 0.9.1-1)
GHSA
GHSA-9ffq-6fp7-34mv: A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers
ghsa_unreviewed·2022-05-24
CVE-2021-3746 [HIGH] CWE-119 GHSA-9ffq-6fp7-34mv: A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers
A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2's volatile state is written. The highest threat from this vulnerability is to system availability. This issue affects libtpms versions before 0.8.5, before 0.7.9 and before 0.6.6.
OSV
CVE-2021-3746: A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers
osv·2021-10-19·CVSS 6.5
CVE-2021-3746 [MEDIUM] CVE-2021-3746: A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers
A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2's volatile state is written. The highest threat from this vulnerability is to system availability. This issue affects libtpms versions before 0.8.5, before 0.7.9 and before 0.6.6.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-10-19
Published