Design/Logic Flaw

2022-09-2119:15:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.7%

In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs.

CPENameOperatorVersion
keylimelt6.3.0

CPE	Name	Operator	Version
	keylime	lt	6.3.0

References

github.com/keylime/keylime/commit/6e44758b64b0ee13564fc46e807f4ba98091c355

github.com/keylime/keylime/security/advisories/GHSA-6xx7-m45w-76m2

seclists.org/oss-sec/2022/q1/101