Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities by swtpm_project
CVE-2020-28407 (GCVE-0-2020-28407)
Vulnerability from cvelistv5 – Published: 2023-11-03 00:00 – Updated: 2024-09-12 19:34
VLAI
Summary
In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:33:59.102Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/stefanberger/swtpm/releases/tag/v0.4.2"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1198395"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/stefanberger/swtpm/releases/tag/v0.5.1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-28407",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T20:19:19.183984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T19:34:06.223Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-03T03:28:13.971Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/stefanberger/swtpm/releases/tag/v0.4.2"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1198395"
},
{
"url": "https://github.com/stefanberger/swtpm/releases/tag/v0.5.1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-28407",
"datePublished": "2023-11-03T00:00:00.000Z",
"dateReserved": "2020-11-10T00:00:00.000Z",
"dateUpdated": "2024-09-12T19:34:06.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23645 (GCVE-0-2022-23645)
Vulnerability from cvelistv5 – Published: 2022-02-18 20:50 – Updated: 2025-04-23 19:02
VLAI
Title
Out-of-bounds read in swtpm
Summary
swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting since the state cannot be understood. Users should upgrade to swtpm v0.5.3, v0.6.2, or v0.7.1 to receive a patch. There are currently no known workarounds.
Severity
6.2 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://github.com/stefanberger/swtpm/security/ad… | x_refsource_CONFIRM |
| https://github.com/stefanberger/swtpm/commit/9f74… | x_refsource_MISC |
| https://github.com/stefanberger/swtpm/releases/ta… | x_refsource_MISC |
| https://github.com/stefanberger/swtpm/releases/ta… | x_refsource_MISC |
| https://github.com/stefanberger/swtpm/releases/ta… | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| stefanberger | swtpm |
Affected:
< 0.5.3
Affected: >= 0.6.0, < 0.6.2 Affected: = 0.7.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:44.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/stefanberger/swtpm/security/advisories/GHSA-2qgm-8xf4-3hqw"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/stefanberger/swtpm/commit/9f740868fc36761de27df3935513bdebf8852d19"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/stefanberger/swtpm/releases/tag/v0.5.3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/stefanberger/swtpm/releases/tag/v0.6.2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/stefanberger/swtpm/releases/tag/v0.7.1"
},
{
"name": "FEDORA-2022-12443a525c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WL735FW266GO4C2JX4CJBOIOB7R7AY5A/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23645",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:10:18.102365Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:02:38.378Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "swtpm",
"vendor": "stefanberger",
"versions": [
{
"status": "affected",
"version": "\u003c 0.5.3"
},
{
"status": "affected",
"version": "\u003e= 0.6.0, \u003c 0.6.2"
},
{
"status": "affected",
"version": "= 0.7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm\u0027s state, where the blobheader\u0027s hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting since the state cannot be understood. Users should upgrade to swtpm v0.5.3, v0.6.2, or v0.7.1 to receive a patch. There are currently no known workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-05T19:06:09.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/stefanberger/swtpm/security/advisories/GHSA-2qgm-8xf4-3hqw"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/stefanberger/swtpm/commit/9f740868fc36761de27df3935513bdebf8852d19"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/stefanberger/swtpm/releases/tag/v0.5.3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/stefanberger/swtpm/releases/tag/v0.6.2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/stefanberger/swtpm/releases/tag/v0.7.1"
},
{
"name": "FEDORA-2022-12443a525c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WL735FW266GO4C2JX4CJBOIOB7R7AY5A/"
}
],
"source": {
"advisory": "GHSA-2qgm-8xf4-3hqw",
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds read in swtpm",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-23645",
"STATE": "PUBLIC",
"TITLE": "Out-of-bounds read in swtpm"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "swtpm",
"version": {
"version_data": [
{
"version_value": "\u003c 0.5.3"
},
{
"version_value": "\u003e= 0.6.0, \u003c 0.6.2"
},
{
"version_value": "= 0.7.0"
}
]
}
}
]
},
"vendor_name": "stefanberger"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm\u0027s state, where the blobheader\u0027s hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting since the state cannot be understood. Users should upgrade to swtpm v0.5.3, v0.6.2, or v0.7.1 to receive a patch. There are currently no known workarounds."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/stefanberger/swtpm/security/advisories/GHSA-2qgm-8xf4-3hqw",
"refsource": "CONFIRM",
"url": "https://github.com/stefanberger/swtpm/security/advisories/GHSA-2qgm-8xf4-3hqw"
},
{
"name": "https://github.com/stefanberger/swtpm/commit/9f740868fc36761de27df3935513bdebf8852d19",
"refsource": "MISC",
"url": "https://github.com/stefanberger/swtpm/commit/9f740868fc36761de27df3935513bdebf8852d19"
},
{
"name": "https://github.com/stefanberger/swtpm/releases/tag/v0.5.3",
"refsource": "MISC",
"url": "https://github.com/stefanberger/swtpm/releases/tag/v0.5.3"
},
{
"name": "https://github.com/stefanberger/swtpm/releases/tag/v0.6.2",
"refsource": "MISC",
"url": "https://github.com/stefanberger/swtpm/releases/tag/v0.6.2"
},
{
"name": "https://github.com/stefanberger/swtpm/releases/tag/v0.7.1",
"refsource": "MISC",
"url": "https://github.com/stefanberger/swtpm/releases/tag/v0.7.1"
},
{
"name": "FEDORA-2022-12443a525c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WL735FW266GO4C2JX4CJBOIOB7R7AY5A/"
}
]
},
"source": {
"advisory": "GHSA-2qgm-8xf4-3hqw",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-23645",
"datePublished": "2022-02-18T20:50:10.000Z",
"dateReserved": "2022-01-19T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:02:38.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28407 (GCVE-0-2020-28407)
Vulnerability from nvd – Published: 2023-11-03 00:00 – Updated: 2024-09-12 19:34
VLAI
Summary
In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:33:59.102Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/stefanberger/swtpm/releases/tag/v0.4.2"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1198395"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/stefanberger/swtpm/releases/tag/v0.5.1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-28407",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T20:19:19.183984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T19:34:06.223Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-03T03:28:13.971Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/stefanberger/swtpm/releases/tag/v0.4.2"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1198395"
},
{
"url": "https://github.com/stefanberger/swtpm/releases/tag/v0.5.1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-28407",
"datePublished": "2023-11-03T00:00:00.000Z",
"dateReserved": "2020-11-10T00:00:00.000Z",
"dateUpdated": "2024-09-12T19:34:06.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23645 (GCVE-0-2022-23645)
Vulnerability from nvd – Published: 2022-02-18 20:50 – Updated: 2025-04-23 19:02
VLAI
Title
Out-of-bounds read in swtpm
Summary
swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting since the state cannot be understood. Users should upgrade to swtpm v0.5.3, v0.6.2, or v0.7.1 to receive a patch. There are currently no known workarounds.
Severity
6.2 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://github.com/stefanberger/swtpm/security/ad… | x_refsource_CONFIRM |
| https://github.com/stefanberger/swtpm/commit/9f74… | x_refsource_MISC |
| https://github.com/stefanberger/swtpm/releases/ta… | x_refsource_MISC |
| https://github.com/stefanberger/swtpm/releases/ta… | x_refsource_MISC |
| https://github.com/stefanberger/swtpm/releases/ta… | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| stefanberger | swtpm |
Affected:
< 0.5.3
Affected: >= 0.6.0, < 0.6.2 Affected: = 0.7.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:44.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/stefanberger/swtpm/security/advisories/GHSA-2qgm-8xf4-3hqw"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/stefanberger/swtpm/commit/9f740868fc36761de27df3935513bdebf8852d19"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/stefanberger/swtpm/releases/tag/v0.5.3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/stefanberger/swtpm/releases/tag/v0.6.2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/stefanberger/swtpm/releases/tag/v0.7.1"
},
{
"name": "FEDORA-2022-12443a525c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WL735FW266GO4C2JX4CJBOIOB7R7AY5A/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23645",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:10:18.102365Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:02:38.378Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "swtpm",
"vendor": "stefanberger",
"versions": [
{
"status": "affected",
"version": "\u003c 0.5.3"
},
{
"status": "affected",
"version": "\u003e= 0.6.0, \u003c 0.6.2"
},
{
"status": "affected",
"version": "= 0.7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm\u0027s state, where the blobheader\u0027s hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting since the state cannot be understood. Users should upgrade to swtpm v0.5.3, v0.6.2, or v0.7.1 to receive a patch. There are currently no known workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-05T19:06:09.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/stefanberger/swtpm/security/advisories/GHSA-2qgm-8xf4-3hqw"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/stefanberger/swtpm/commit/9f740868fc36761de27df3935513bdebf8852d19"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/stefanberger/swtpm/releases/tag/v0.5.3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/stefanberger/swtpm/releases/tag/v0.6.2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/stefanberger/swtpm/releases/tag/v0.7.1"
},
{
"name": "FEDORA-2022-12443a525c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WL735FW266GO4C2JX4CJBOIOB7R7AY5A/"
}
],
"source": {
"advisory": "GHSA-2qgm-8xf4-3hqw",
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds read in swtpm",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-23645",
"STATE": "PUBLIC",
"TITLE": "Out-of-bounds read in swtpm"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "swtpm",
"version": {
"version_data": [
{
"version_value": "\u003c 0.5.3"
},
{
"version_value": "\u003e= 0.6.0, \u003c 0.6.2"
},
{
"version_value": "= 0.7.0"
}
]
}
}
]
},
"vendor_name": "stefanberger"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm\u0027s state, where the blobheader\u0027s hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting since the state cannot be understood. Users should upgrade to swtpm v0.5.3, v0.6.2, or v0.7.1 to receive a patch. There are currently no known workarounds."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/stefanberger/swtpm/security/advisories/GHSA-2qgm-8xf4-3hqw",
"refsource": "CONFIRM",
"url": "https://github.com/stefanberger/swtpm/security/advisories/GHSA-2qgm-8xf4-3hqw"
},
{
"name": "https://github.com/stefanberger/swtpm/commit/9f740868fc36761de27df3935513bdebf8852d19",
"refsource": "MISC",
"url": "https://github.com/stefanberger/swtpm/commit/9f740868fc36761de27df3935513bdebf8852d19"
},
{
"name": "https://github.com/stefanberger/swtpm/releases/tag/v0.5.3",
"refsource": "MISC",
"url": "https://github.com/stefanberger/swtpm/releases/tag/v0.5.3"
},
{
"name": "https://github.com/stefanberger/swtpm/releases/tag/v0.6.2",
"refsource": "MISC",
"url": "https://github.com/stefanberger/swtpm/releases/tag/v0.6.2"
},
{
"name": "https://github.com/stefanberger/swtpm/releases/tag/v0.7.1",
"refsource": "MISC",
"url": "https://github.com/stefanberger/swtpm/releases/tag/v0.7.1"
},
{
"name": "FEDORA-2022-12443a525c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WL735FW266GO4C2JX4CJBOIOB7R7AY5A/"
}
]
},
"source": {
"advisory": "GHSA-2qgm-8xf4-3hqw",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-23645",
"datePublished": "2022-02-18T20:50:10.000Z",
"dateReserved": "2022-01-19T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:02:38.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}