CVE-2021-3746

Source
Severity Medium
Remote No
Type Arbitrary code execution
Description
A bug was discovered in libtpms before version 0.8.5 that may cause access beyond the boundary of internal buffers. The vulnerability can be triggered by specially crafted TPM 2 command packets; the out-of-bounds access then occurs when the TPM 2's volatile state is marshalled/written.
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2327 | libtpms | 0.8.4-1 | 0.8.5-1 | Medium | Fixed | |
References
https://bugzilla.redhat.com/show_bug.cgi?id=1998588
https://github.com/stefanberger/libtpms/pull/237
https://github.com/stefanberger/libtpms/commit/33a03986e0a09dde439985e0312d1c8fb3743aab
https://github.com/stefanberger/libtpms/commit/aaef222e8682cc2e0f9ea7124220c5fe44fab62b