VYPR

swtpm

by swtpm

Source repositories

CVEs (2)

  • CVE-2020-28407Nov 3, 2023
    risk 0.00cvss epss 0.00

    In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall.

  • CVE-2022-23645Feb 18, 2022
    risk 0.00cvss epss 0.00

    swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid…