libtpms
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | Library providing a software emulation of a Trusted Platform Module (TPM 1.2 and TPM 2.0) |
| Version | 0.10.0-1 [extra] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2327 | 0.8.4-1 | 0.8.5-1 | Medium | Fixed | |
| AVG-2108 | 0.8.3-1 | 0.8.4-1 | Medium | Fixed | |
| AVG-1832 | 0.7.5-1 | 0.8.0-1 | Medium | Fixed | |
| AVG-1700 | 0.8.1-1 | 0.8.2-1 | High | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-3746 | AVG-2327 | Medium | No | Arbitrary code execution | A bug was discovered in libtpms before version 0.8.5 that may cause access beyond the boundary of internal buffers. The vulnerability can be triggered by... |
| CVE-2021-3623 | AVG-2108 | Medium | No | Information disclosure | A security issue was found in libtpms before version 0.8.4. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values... |
| CVE-2021-3505 | AVG-1832 | Medium | Yes | Private key recovery | A security issue was found in libtpms before version 0.8.0. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength due to a bug in the TCG... |
| CVE-2021-3446 | AVG-1700 | High | No | Incorrect calculation | The commonly used integration of libtpms before version 0.8.2 with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when... |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 01 Jul 2021 | ASA-202107-9 | AVG-2108 | Medium | information disclosure |