exploitDog

CVE-2022-23951

Опубликовано: 21 сент. 2022

Источник: nvd

CVSS3: 5.5

EPSS Низкий

Описание

In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs.

Ссылки

https://github.com/keylime/keylime/commit/6e44758b64b0ee13564fc46e807f4ba98091c355
Patch
Third Party Advisory
https://github.com/keylime/keylime/security/advisories/GHSA-6xx7-m45w-76m2
Third Party Advisory
https://seclists.org/oss-sec/2022/q1/101
Exploit
Mailing List
Patch
Third Party Advisory
https://github.com/keylime/keylime/commit/6e44758b64b0ee13564fc46e807f4ba98091c355
Patch
Third Party Advisory
https://github.com/keylime/keylime/security/advisories/GHSA-6xx7-m45w-76m2
Third Party Advisory
https://seclists.org/oss-sec/2022/q1/101
Exploit
Mailing List
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:keylime:keylime:*:*:*:*:*:*:*:*

Версия до 6.3.0 (исключая)

EPSS

Процентиль: 20%

0.00064

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-400

NVD-CWE-noinfo

Связанные уязвимости

CVE-2022-23951

CVSS3: 5.5

ubuntu

больше 3 лет назад

In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs.

EPSS

Процентиль: 20%

0.00064

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-400

NVD-CWE-noinfo