libtpms

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Library providing a software emulation of a Trusted Platform Module (TPM 1.2 and TPM 2.0)
Version 0.9.1-1 [community]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2327 0.8.4-1 0.8.5-1 Medium Fixed
AVG-2108 0.8.3-1 0.8.4-1 Medium Fixed
AVG-1832 0.7.5-1 0.8.0-1 Medium Fixed
AVG-1700 0.8.1-1 0.8.2-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2021-3746 AVG-2327 Medium No Arbitrary code execution
A bug was discovered in libtpms before version 0.8.5 that may cause access beyond the boundary of internal buffers. The vulnerability can be triggered by...
CVE-2021-3623 AVG-2108 Medium No Information disclosure
A security issue was found in libtpms before version 0.8.4. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values...
CVE-2021-3505 AVG-1832 Medium Yes Private key recovery
A security issue was found in libtpms before version 0.8.0. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength due to a bug in the TCG...
CVE-2021-3446 AVG-1700 High No Incorrect calculation
The commonly used integration of libtpms before version 0.8.2 with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when...

Advisories

Date Advisory Group Severity Type
01 Jul 2021 ASA-202107-9 AVG-2108 Medium information disclosure