Lucene search

K
cvelistCertccCVELIST:CVE-2023-1018
HistoryFeb 28, 2023 - 5:54 p.m.

CVE-2023-1018 TPM2.0 vulnerable to out-of-bounds read

2023-02-2817:54:33
certcc
www.cve.org

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.6%

An out-of-bounds read vulnerability exists in TPM2.0’s Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.

CNA Affected

[
  {
    "vendor": "Trusted Computing Group",
    "product": "TPM2.0",
    "versions": [
      {
        "status": "affected",
        "version": "1.59"
      }
    ]
  },
  {
    "vendor": "Trusted Computing Group",
    "product": "TPM2.0",
    "versions": [
      {
        "status": "affected",
        "version": "1.38"
      }
    ]
  },
  {
    "vendor": "Trusted Computing Group",
    "product": "TPM2.0",
    "versions": [
      {
        "status": "affected",
        "version": "1.16"
      }
    ]
  }
]