CVE-2021-3623 - log

CVE-2021-3623 edited at 28 Jun 2021 11:57:27
References
https://bugzilla.redhat.com/show_bug.cgi?id=1976806
https://github.com/stefanberger/libtpms/pull/223
https://github.com/stefanberger/libtpms/pull/225
- https://github.com/stefanberger/libtpms/commit/2f30d620d3c053f20d38b54bf76ac0907821d263
- https://github.com/stefanberger/libtpms/commit/7981d9ad90a5043a05004e4ca7b46beab8ca7809
- https://github.com/stefanberger/libtpms/commit/2e6173c273ca14adb11386db4e47622552b1c00e
+ https://github.com/stefanberger/libtpms/commit/f16250b35aff6995e540143a9858c9cf0d1f9573
+ https://github.com/stefanberger/libtpms/commit/3ef9b26cb9f28bd64d738bff9505a20d4eb56acd
+ https://github.com/stefanberger/libtpms/commit/5cc98a62dc6f204dcf5b87c2ee83ac742a6a319b
CVE-2021-3623 edited at 28 Jun 2021 11:55:08
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Information disclosure
Description
+ A security issue was found in libtpms before version 0.8.4. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1976806
+ https://github.com/stefanberger/libtpms/pull/223
+ https://github.com/stefanberger/libtpms/pull/225
+ https://github.com/stefanberger/libtpms/commit/2f30d620d3c053f20d38b54bf76ac0907821d263
+ https://github.com/stefanberger/libtpms/commit/7981d9ad90a5043a05004e4ca7b46beab8ca7809
+ https://github.com/stefanberger/libtpms/commit/2e6173c273ca14adb11386db4e47622552b1c00e
Notes
CVE-2021-3623 created at 28 Jun 2021 11:52:45