{"vulnerability": "CVE-2023-43632", "sightings": [{"uuid": "104ea24c-7a8b-405e-9336-9c36c2ab4d2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-43632", "type": "seen", "source": "https://t.me/cibsecurity/70893", "content": "\u203c CVE-2023-43632 \u203c\n\nAs noted in the \u201cVTPM.md\u201d file in the eve documentation, \u201cVTPM is a server listening on port 8877 in EVE, exposing limited functionality of the TPM to the clients. VTPM allows clients to execute tpm2-tools binaries from a list of hardcoded options\u201d\nThe communication with this server is done using protobuf, and the data is comprised of 2 parts:\n1. Header\n2. Data\nWhen a connection is made, the server is waiting for 4 bytes of data, which will be the header, and these 4 bytes would be parsed as uint32 size of the actual data to come.\nThen, in the function \u201chandleRequest\u201d this size is then used in order to allocate a payload on the stack for the incoming data.\nAs this payload is allocated on the stack, this will allow overflowing the stack size allocated for the relevant process with freely controlled data.\n* An attacker can crash the system.\n* An attacker can gain control over the system, specifically on the \u201cvtpm_server\u201d process which has very high privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-21T18:31:05.000000Z"}]}