CVE-2023-32690

Summary: libspdm (DMTF SPDM) prior to versions 2.3.3 and 3.0 stores the responder’s CTExponent after a CAPABILITIES response without validation. If a cryptographic operation is later requested (e.g., CHALLENGE), the requester uses the unvalidated CTExponent to compute a timeout, enabling potentia...

CVE-2023-31127

The connected sources describe CVE-2023-31127 in libspdm: a vulnerability in SPDM session establishment where, if a device supports both DHE and PSK sessions with mutual authentication, an attacker could establish a session via KEY_EXCHANGE and PSK_FINISH to bypass mutual authentication. Affected...