PYSEC-2022-42995

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/keylime/PYSEC-2022-42995.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2022-42995
Aliases
Published
2022-11-22T19:15:00Z
Modified
2023-11-08T04:09:49.807027Z
Summary
[none]
Details

A vulnerability was found in keylime. In some circumstances, because of improperly handled exceptions, a rogue agent could cause errors on the verifier that stop attestation attempts for that host, leaving the host in an attested state even though it is no longer being verified.

References

Affected packages

PyPI / keylime

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.5.1

Affected versions

6.*

6.3.1
6.3.2
6.4.0
6.4.1
6.4.2
6.4.3
6.5.0