Количество 8
Количество 8
CVE-2024-29040
This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure `TPMS_ATTEST`. For the field `TPM2_GENERATED magic` of this structure any number can be used in the JSON structure. The verifier can receive a state which does not represent the actual, possibly malicious state of the device under test. The malicious device might get access to data it shouldn't, or can use services it shouldn't be able to. This issue has been patched in version 4.1.0.
CVE-2024-29040
This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure `TPMS_ATTEST`. For the field `TPM2_GENERATED magic` of this structure any number can be used in the JSON structure. The verifier can receive a state which does not represent the actual, possibly malicious state of the device under test. The malicious device might get access to data it shouldn't, or can use services it shouldn't be able to. This issue has been patched in version 4.1.0.
CVE-2024-29040
This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure `TPMS_ATTEST`. For the field `TPM2_GENERATED magic` of this structure any number can be used in the JSON structure. The verifier can receive a state which does not represent the actual, possibly malicious state of the device under test. The malicious device might get access to data it shouldn't, or can use services it shouldn't be able to. This issue has been patched in version 4.1.0.
CVE-2024-29040
CVE-2024-29040
This repository hosts source code implementing the Trusted Computing G ...
SUSE-SU-2024:1635-1
Security update for tpm2-0-tss
BDU:2024-04481
Уязвимость функций TPM2_GENERATED_VALUE() реализации TCG TPM2 TPM2 Software Stack, связанная с неправильной проверкой ввода, позволяющая нарушителю генерировать произвольные данные котировок, которые не могут быть обнаружены Fapi_VerifyQuote
ROS-20240611-02
Множественные уязвимости tpm2-tss
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-29040 This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure `TPMS_ATTEST`. For the field `TPM2_GENERATED magic` of this structure any number can be used in the JSON structure. The verifier can receive a state which does not represent the actual, possibly malicious state of the device under test. The malicious device might get access to data it shouldn't, or can use services it shouldn't be able to. This issue has been patched in version 4.1.0. | CVSS3: 4.3 | 0% Низкий | 12 месяцев назад |
 | CVE-2024-29040 This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure `TPMS_ATTEST`. For the field `TPM2_GENERATED magic` of this structure any number can be used in the JSON structure. The verifier can receive a state which does not represent the actual, possibly malicious state of the device under test. The malicious device might get access to data it shouldn't, or can use services it shouldn't be able to. This issue has been patched in version 4.1.0. | CVSS3: 4.4 | 0% Низкий | около 1 года назад |
 | CVE-2024-29040 This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure `TPMS_ATTEST`. For the field `TPM2_GENERATED magic` of this structure any number can be used in the JSON structure. The verifier can receive a state which does not represent the actual, possibly malicious state of the device under test. The malicious device might get access to data it shouldn't, or can use services it shouldn't be able to. This issue has been patched in version 4.1.0. | CVSS3: 4.3 | 0% Низкий | 12 месяцев назад |
 | CVSS3: 4.3 | 0% Низкий | 9 месяцев назад | |
| CVE-2024-29040 This repository hosts source code implementing the Trusted Computing G ... | CVSS3: 4.3 | 0% Низкий | 12 месяцев назад |
 | SUSE-SU-2024:1635-1 Security update for tpm2-0-tss | 0% Низкий | около 1 года назад | |
 | BDU:2024-04481 Уязвимость функций TPM2_GENERATED_VALUE() реализации TCG TPM2 TPM2 Software Stack, связанная с неправильной проверкой ввода, позволяющая нарушителю генерировать произвольные данные котировок, которые не могут быть обнаружены Fapi_VerifyQuote | CVSS3: 5.5 | 0% Низкий | около 1 года назад |
 | ROS-20240611-02 Множественные уязвимости tpm2-tss | CVSS3: 6.4 | около 1 года назад |
Уязвимостей на страницу