Swtpm Project Swtpm vulnerabilities

CVE-2020-28407 [HIGH] CWE-59 CVE-2020-28407: In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary fi In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall.

CVE-2022-23645 [MEDIUM] CWE-125 CVE-2022-23645: swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versi swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing t