VYPR

libtpms

by Libtpms

CVEs (4)

  • CVE-2021-3746MedOct 19, 2021
    risk 0.42cvss 6.5epss 0.01

    A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2's volatile state is written. The highest threat…

  • CVE-2021-3569MedJun 3, 2021
    risk 0.36cvss 5.5epss 0.00

    A stack corruption bug was found in libtpms in versions before 0.7.2 and before 0.8.0 while decrypting data using RSA. This flaw could result in a SIGBUS (bad memory access) and termination of swtpm. The highest threat from this vulnerability is to system availability.

  • CVE-2021-3446MedMar 25, 2021
    risk 0.36cvss 5.5epss 0.00

    A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the…

  • CVE-2021-3623MedMar 2, 2022
    risk 0.00cvss 6.1epss 0.00

    A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this…