VYPR

libspdm

by DMTF

CVEs (2)

  • CVE-2023-32690MedJun 1, 2023
    risk 0.00cvss 5.7epss 0.01

    libspdm is a sample implementation that follows the DMTF SPDM specifications. Prior to versions 2.3.3 and 3.0, following a successful CAPABILITIES response, a libspdm Requester stores the Responder's CTExponent into its context without validation. If the Requester sends a…

  • CVE-2023-31127CriMay 8, 2023
    risk 0.00cvss 9.0epss 0.01

    libspdm is a sample implementation that follows the DMTF SPDM specifications. A vulnerability has been identified in SPDM session establishment in libspdm prior to version 2.3.1. If a device supports both DHE session and PSK session with mutual authentication, the attacker may…