CVE-2021-3565 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Low
Remote	No
Type	Man-in-the-middle
Description	A security issue was found in tpm2-tools before version 5.1.1. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a man-in-the-middle (MITM) attacker to unwrap the inner portion and reveal the key being imported.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1986	tpm2-tools	5.1-1	5.1.1-1	Low	Fixed

Date	Advisory	Group	Package	Severity	Type
22 Jun 2021	ASA-202106-55	AVG-1986	tpm2-tools	Low	man-in-the-middle

References
https://bugzilla.redhat.com/show_bug.cgi?id=1964427 https://github.com/tpm2-software/tpm2-tools/issues/2738 https://github.com/tpm2-software/tpm2-tools/pull/2739 https://github.com/tpm2-software/tpm2-tools/commit/47b3b6e6fffed7080a2f1ce7673207ea44823ef7

References

https://bugzilla.redhat.com/show_bug.cgi?id=1964427
https://github.com/tpm2-software/tpm2-tools/issues/2738
https://github.com/tpm2-software/tpm2-tools/pull/2739
https://github.com/tpm2-software/tpm2-tools/commit/47b3b6e6fffed7080a2f1ce7673207ea44823ef7