MGASA-2023-0050
- Source
- https://advisories.mageia.org/MGASA-2023-0050.html
- Import Source
- https://advisories.mageia.org/MGASA-2023-0050.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2023-0050
- Related
- Published
- 2023-02-14T22:43:23Z
- Modified
- 2023-02-14T21:37:19Z
- Summary
- Updated tpm2-tss packages fix security vulnerability
- Details
-
Tss2RCSetHandler and Tss2RCDecode both index into layerhandler with an 8 bit layer number, but the array only has TPM2ERRORTSS2RCLAYERCOUNT entries, so trying to add a handler for higher-numbered layers or decode a response code with such a layer number reads/writes past the end of the buffer. (CVE-2023-22745)
- References
-
- https://advisories.mageia.org/MGASA-2023-0050.html
- https://bugs.mageia.org/show_bug.cgi?id=31532
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GDNOV2RNQ7XMOQZ3PV7PHYP2FMJHV2AB/
- https://github.com/tpm2-software/tpm2-tss/security/advisories/GHSA-4j3v-fh23-vx67
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:8 / tpm2-tss
Package
- Name
- tpm2-tss
- Purl
- pkg:rpm/mageia/tpm2-tss?distro=mageia-8