Stefanberger Swtpm vulnerabilities

1 known vulnerability affecting stefanberger/swtpm.

Total CVEs
1
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2022-23645MEDIUMCVSS 5.5fixed in 0.5.3v>= 0.6.0, < 0.6.2+1 more2022-02-18
CVE-2022-23645 [MEDIUM] CWE-125 CVE-2022-23645: swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versi swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing t
cvelistv5nvd