cbcvebase.
CVE-2023-1018
published 2023-02-28

CVE-2023-1018: An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption…

medium5.5CVSS 3.1
AVLACLPRLUINSUCHINAN
An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.

Affected

30 ranges· showing 25
VendorProductVersion rangeFixed in
debianlibtpms< libtpms 0.9.2-3.1 (bookworm)libtpms 0.9.2-3.1 (bookworm)
libtpms_projectlibtpms>= 0 < 0.9.2-3.10.9.2-3.1
libtpms_projectlibtpms>= 0 < 0.9.2-3.10.9.2-3.1
libtpms_projectlibtpms>= 0 < 0.9.2-3.10.9.2-3.1
libtpms_projectlibtpms>= 0 < 0.9.3-0ubuntu1.22.04.10.9.3-0ubuntu1.22.04.1
microsoftwindows_10_1507< 10.0.10240.1980510.0.10240.19805
microsoftwindows_10_1607< 10.0.14393.578610.0.14393.5786
microsoftwindows_10_1809< 10.0.17763.413110.0.17763.4131
microsoftwindows_10_20h2< 10.0.19042.272810.0.19042.2728
microsoftwindows_10_21h2< 10.0.19044.272810.0.19044.2728
microsoftwindows_10_22h2< 10.0.19045.272810.0.19045.2728
microsoftwindows_11_21h2< 10.0.22000.169610.0.22000.1696
microsoftwindows_11_22h2< 10.0.22621.141310.0.22621.1413
microsoftwindows_server_2016< 10.0.14393.578610.0.14393.5786
microsoftwindows_server_2019< 10.0.17763.413110.0.17763.4131
microsoftwindows_server_2022< 10.0.20348.160710.0.20348.1607
msrcwindows_10_for_x64-based_systems
msrcwindows_10_version_1607_for_x64-based_systems
msrcwindows_10_version_1809_for_x64-based_systems
msrcwindows_10_version_21h2_for_x64-based_systems
msrcwindows_10_version_22h2_for_x64-based_systems
msrcwindows_11_version_21h2_for_x64-based_systems
msrcwindows_11_version_22h2_for_x64-based_systems
msrcwindows_server_2016
msrcwindows_server_2019

CVSS provenance

nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
osv7.8HIGH