Lucene search
Veracode Vulnerability DatabaseVERACODE:33987HistoryFeb 03, 2022 - 8:32 a.m.
Insecure Remote Attestation
2022-02-0308:32:32
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
0.0004 Low
EPSS
Percentile
5.1%
github.com/google/go-attestation is vulnerable to insecure remote attestation. The use code generated from Platform Configuration Register (PCR) in trusted platform module (TPM) allows a local attacker who performs TCG log in Eventlog.Verify to spoof events in the TCG log and bypassing the method AKPublic.Verify to defeat remotely attested measured-boot.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/google/go-attestation | le | v0.3.2 | |
| github.com/google/go-attestation | le | v0.3.2 |
Related
nvd
nvd
CVE-2022-0317
2022-02-04 23:15:12
github
github
Go-Attestation Improper Input Validation with attacker-controlled TPM Quote
2022-02-01 00:43:17
osv
osv
Improper input validation in github.com/google/go-attestation
2022-07-15 23:27:21
Go-Attestation Improper Input Validation with attacker-controlled TPM Quote
2022-02-01 00:43:17
cve
cve
CVE-2022-0317
2022-02-04 23:15:12
cvelist
cvelist
CVE-2022-0317 Improper Input Validation in AKPublic.Verify in go-attestation
2022-01-25 00:00:00
prion
prion
Input validation
2022-02-04 23:15:00