
13 matches found

OSV
added last week | 6 views

GHSA-9R4W-JG96-92MV Go-Attestation: Hash injection into trusted measurement list via unskipped SignatureHeaderSize vendor bytes in parseEfiSignatureList()

Summary: parseEfiSignatureList in attest/internal/events.go does not skip SignatureHeaderSize vendor bytes before reading EFISIGNATURELIST signature entries, violating UEFI specification section 31.4.1. Impact: For hashSHA256SigGUID lists, attacker-controlled vendor header bytes are appended direct...

CVSS 6.8 | AI score 5.6
Exploits: 0 | References: 5
Github Security Blog
added last week | 6 views

Go-Attestation: Hash injection into trusted measurement list via unskipped SignatureHeaderSize vendor bytes in parseEfiSignatureList()

Summary: parseEfiSignatureList in attest/internal/events.go does not skip SignatureHeaderSize vendor bytes before reading EFISIGNATURELIST signature entries, violating UEFI specification section 31.4.1. Impact: For hashSHA256SigGUID lists, attacker-controlled vendor header bytes are appended direct...

AI score 5.5
Exploits: 0 | References: 5 | Affected Software: 1
EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2022-0934

Malicious code in bioql PyPI...

CVSS 4 | AI score 4.7 | EPSS 0.00095
Exploits: 0 | References: 5
OSV
added 2022/02/04 11:15 p.m. | 3 views

CVE-2022-0317

An improper input validation vulnerability in go-attestation before 0.3.3 allows local users to provide a maliciously-formed Quote over no/some PCRs, causing AKPublic.Verify to succeed despite the inconsistency. Subsequent use of the same set of PCR values in Eventlog.Verify lacks the...

CVSS 3.3 | AI score 5.8 | EPSS 0.00095
Exploits: 0 | References: 1
NVD
added 2022/02/04 11:15 p.m. | 20 views

CVE-2022-0317

An improper input validation vulnerability in go-attestation before 0.3.3 allows local users to provide a maliciously-formed Quote over no/some PCRs, causing AKPublic.Verify to succeed despite the inconsistency. Subsequent use of the same set of PCR values in Eventlog.Verify lacks the...

CVSS 4 | EPSS 0.00095
Exploits: 0 | References: 1
Prion
added 2022/02/04 11:15 p.m. | 17 views

Input validation

An improper input validation vulnerability in go-attestation before 0.3.3 allows local users to provide a maliciously-formed Quote over no/some PCRs, causing AKPublic.Verify to succeed despite the inconsistency. Subsequent use of the same set of PCR values in Eventlog.Verify lacks the...

CVSS 2.1 | AI score 3.9 | EPSS 0.00095
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2022/02/04 10:33 p.m. | 20 views

CVE-2022-0317 Improper Input Validation in AKPublic.Verify in go-attestation

An improper input validation vulnerability in go-attestation before 0.3.3 allows local users to provide a maliciously-formed Quote over no/some PCRs, causing AKPublic.Verify to succeed despite the inconsistency. Subsequent use of the same set of PCR values in Eventlog.Verify lacks the...

CVSS 4 | AI score 4.5 | EPSS 0.00095
Exploits: 0 | References: 1
Vulnrichment
added 2022/02/04 10:33 p.m. | 10 views

CVE-2022-0317 Improper Input Validation in AKPublic.Verify in go-attestation

An improper input validation vulnerability in go-attestation before 0.3.3 allows local users to provide a maliciously-formed Quote over no/some PCRs, causing AKPublic.Verify to succeed despite the inconsistency. Subsequent use of the same set of PCR values in Eventlog.Verify lacks the...

CVSS 4 | AI score 4.1 | EPSS 0.00095
Exploits: 0 | References: 1
CVE
added 2022/02/04 10:33 p.m. | 72 views

CVE-2022-0317

The CVE-2022-0317 issue affects go-attestation prior to 0.4.0. A local attacker can craft a malicious Quote with no/some PCRs that makes AKPublic.Verify succeed, then reuse the same PCR set in Eventlog.Verify to spoof TCG log events and defeat remotely-attested measured-boot. Public advisories (G...

CVSS 4 | AI score 3.6 | EPSS 0.00095
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2022/02/04 12:00 a.m. | 3 views

go-attestation Input Validation Error Vulnerability

Go-Attestation is used to abstract remote attestation operations across a variety of platforms and TPMs, enabling remote verification of computer identity and state. A security vulnerability existed prior to go-attestation 0.3.3 that allowed a local user to provide a maliciously...

CVSS 4 | AI score 5.1 | EPSS 0.00095
Exploits: 0 | References: 2
OSV
added 2022/02/01 12:43 a.m. | 15 views

GHSA-99CG-575X-774P Go-Attestation Improper Input Validation with attacker-controlled TPM Quote

Impact: An improper input validation vulnerability in go-attestation before 0.4.0 allows local users to provide a maliciously-formed Quote over no/some PCRs, causing AKPublic.Verify to succeed despite the inconsistency. Subsequent use of the same set of PCR values in Eventlog.Verify lacks the...

CVSS 4 | AI score 3.7 | EPSS 0.00095
Exploits: 0 | References: 5
Github Security Blog
added 2022/02/01 12:43 a.m. | 31 views

Go-Attestation Improper Input Validation with attacker-controlled TPM Quote

Impact: An improper input validation vulnerability in go-attestation before 0.4.0 allows local users to provide a maliciously-formed Quote over no/some PCRs, causing AKPublic.Verify to succeed despite the inconsistency. Subsequent use of the same set of PCR values in Eventlog.Verify lacks the...

CVSS 4 | AI score 4.4 | EPSS 0.00095
Exploits: 0 | References: 5 | Affected Software: 1
ossfuzz
added 2020/03/01 6:20 a.m. | 16 views

go-attestation:parse_ek_certificate_fuzzer: Crash with empty stacktrace

Detailed Report: https://oss-fuzz.com/testcase?key=6279937533411328
Project: go-attestation
Fuzzing Engine: libFuzzer
Fuzz Target: parse_ek_certificate_fuzzer
Job Type: libfuzzer_asan_go-attestation
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x00000995166a
Crash State: NULL
Sanitizer: ...

AI score 6.8
Exploits: 0 | Affected Software: 1