11 matches found
EUVD-2022-0934
Malicious code in bioql PyPI...
CVE-2022-0317
An improper input validation vulnerability in go-attestation before 0.3.3 allows local users to provide a maliciously-formed Quote over no/some PCRs, causing AKPublic.Verify to succeed despite the inconsistency. Subsequent use of the same set of PCR values in Eventlog.Verify lacks the...
CVE-2022-0317
An improper input validation vulnerability in go-attestation before 0.3.3 allows local users to provide a maliciously-formed Quote over no/some PCRs, causing AKPublic.Verify to succeed despite the inconsistency. Subsequent use of the same set of PCR values in Eventlog.Verify lacks the...
Input validation
An improper input validation vulnerability in go-attestation before 0.3.3 allows local users to provide a maliciously-formed Quote over no/some PCRs, causing AKPublic.Verify to succeed despite the inconsistency. Subsequent use of the same set of PCR values in Eventlog.Verify lacks the...
CVE-2022-0317 Improper Input Validation in AKPublic.Verify in go-attestation
An improper input validation vulnerability in go-attestation before 0.3.3 allows local users to provide a maliciously-formed Quote over no/some PCRs, causing AKPublic.Verify to succeed despite the inconsistency. Subsequent use of the same set of PCR values in Eventlog.Verify lacks the...
CVE-2022-0317
The CVE-2022-0317 issue affects go-attestation prior to 0.4.0. A local attacker can craft a malicious Quote with no/some PCRs that makes AKPublic.Verify succeed, then reuse the same PCR set in Eventlog.Verify to spoof TCG log events and defeat remotely-attested measured-boot. Public advisories (G...
CVE-2022-0317 Improper Input Validation in AKPublic.Verify in go-attestation
An improper input validation vulnerability in go-attestation before 0.3.3 allows local users to provide a maliciously-formed Quote over no/some PCRs, causing AKPublic.Verify to succeed despite the inconsistency. Subsequent use of the same set of PCR values in Eventlog.Verify lacks the...
go-attestation Input Validation Error Vulnerability
Go-Attestation is used to abstract remote authentication operations across a variety of platforms and TPMs, thus enabling remote verification of computer identifiers and state. A security vulnerability existed prior to go-attestation 0.3.3 that allowed a local user to provide a maliciously...
Go-Attestation Improper Input Validation with attacker-controlled TPM Quote
Impact An improper input validation vulnerability in go-attestation before 0.4.0 allows local users to provide a maliciously-formed Quote over no/some PCRs, causing AKPublic.Verify to succeed despite the inconsistency. Subsequent use of the same set of PCR values in Eventlog.Verify lacks the...
GHSA-99CG-575X-774P Go-Attestation Improper Input Validation with attacker-controlled TPM Quote
Impact An improper input validation vulnerability in go-attestation before 0.4.0 allows local users to provide a maliciously-formed Quote over no/some PCRs, causing AKPublic.Verify to succeed despite the inconsistency. Subsequent use of the same set of PCR values in Eventlog.Verify lacks the...
go-attestation:parse_ek_certificate_fuzzer: Crash with empty stacktrace
Detailed Report: https://oss-fuzz.com/testcase?key=6279937533411328 Project: go-attestation Fuzzing Engine: libFuzzer Fuzz Target: parse_ek_certificate_fuzzer Job Type: libfuzzer_asan_go-attestation Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x00000995166a Crash State: NULL Sanitizer:...