rpm package
opensuse/swtpm&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/swtpm&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-28407 | — | < 0.6.1-1.1 | 0.6.1-1.1 | Nov 3, 2023 | In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall. | ||
| CVE-2022-23645 | — | < 0.7.1-1.1 | 0.7.1-1.1 | Feb 18, 2022 | swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid valu |
- CVE-2020-28407Nov 3, 2023affected < 0.6.1-1.1fixed 0.6.1-1.1
In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall.
- CVE-2022-23645Feb 18, 2022affected < 0.7.1-1.1fixed 0.7.1-1.1
swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid valu