Libtpms Project Libtpms 0.8.3

CPE Details

Libtpms Project Libtpms 0.8.3
libtpms_project
libtpms
0.8.3
2022-03-08
14h27 +00:00
2022-03-11
21h12 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:libtpms_project:libtpms:0.8.3:*:*:*:*:*:*:*

Informations

Vendor

libtpms_project

Product

libtpms

Version

0.8.3

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-3623 2022-03-02 21h02 +00:00 A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to system availability.
6.1
Medium
CVE-2021-3746 2021-10-19 12h07 +00:00 A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2's volatile state is written. The highest threat from this vulnerability is to system availability. This issue affects libtpms versions before 0.8.5, before 0.7.9 and before 0.6.6.
6.5
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.