CVE-2023-22745 — Classic Buffer Overflow in Tpm2-tss

CWE-120 — Classic Buffer Overflow8 documents7 sources

Severity

6.4MEDIUMNVD

EPSS

0.0%

top 90.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tpm2-software Tpm2-tss Tpm2 Software Stack Project Tpm2 Software Stack Debian Tpm2-tss +2 more

Timeline

PublishedJan 19

Latest updateMay 29

Description

tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In versions prior to 4.1.0-rc0, 4.0.1, and 3.2.2-rc1, `Tss2_RC_SetHandler` and `Tss2_RC_Decode` both index into `layer_handler` with an 8 bit layer number, but the array only has `TPM2_ERROR_TSS2_RC_LAYER_COUNT` entries, so trying to add a handler for higher-numbered layers or decode a response code with such a layer number reads/writes past the end of th…

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.5 | Impact: 5.9

Affected Packages7 packages

▶NVDtpm2_software_stack_project/tpm2_software_stack4.0.0 — 4.1.0+1

▶CVEListV5tpm2-software/tpm2-tss< 4.0.1+1

▶Debiantpm2-software/tpm2-tss< 3.2.1-3+2

▶Ubuntutpm2-software/tpm2-tss< 2.3.2-1ubuntu0.20.04.2+2

▶msrcmsrc/cm1_tpm2-tss_2.4.6-2_on_cbl_mariner_1.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

tpm2-tss vulnerabilities↗2024-05-29

▶

OSV

CVE-2023-22745: tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2)↗2023-01-19

▶

📋Vendor Advisories

Ubuntu

TPM2 Software Stack vulnerabilities↗2024-05-29

▶

CISA ICS

Siemens SCALANCE XCM-/XRM-300↗2024-02-15

▶

Red Hat

tpm2-tss: Buffer Overlow in TSS2_RC_Decode↗2023-01-20

▶

Microsoft

Buffer Overlow in TSS2_RC_Decode in tpm2-tss↗2023-01-10

▶

Debian

CVE-2023-22745: tpm2-tss - tpm2-tss is an open source software implementation of the Trusted Computing Grou...↗2023

▶