Vulnerabilities > CVE-2021-3569 - Out-of-bounds Write vulnerability in multiple products

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

libtpms-project

redhat

CWE-787

NVD

Published: 2021-06-03

Updated: 2022-10-07

Summary

A stack corruption bug was found in libtpms in versions before 0.7.2 and before 0.8.0 while decrypting data using RSA. This flaw could result in a SIGBUS (bad memory access) and termination of swtpm. The highest threat from this vulnerability is to system availability.

Vulnerable Configurations

Part	Description	Count
Application	Libtpms_Project Libtpms Project Libtpms 0.7.3 Libtpms Project Libtpms 0.7.4 Libtpms Project Libtpms 0.7.5 Libtpms Project Libtpms 0.7.6 Libtpms Project Libtpms 0.7.7 Libtpms Project Libtpms 0.7.8 Libtpms Project Libtpms - Libtpms Project Libtpms 0.5.2 Libtpms Project Libtpms 0.5.2.1 Libtpms Project Libtpms 0.6.0 Libtpms Project Libtpms 0.6.1 Libtpms Project Libtpms 0.6.2 Libtpms Project Libtpms 0.6.3 Libtpms Project Libtpms 0.6.4 Libtpms Project Libtpms 0.6.5 Libtpms Project Libtpms 0.7.0 Libtpms Project Libtpms 0.7.1	17
OS	Redhat Redhat Enterprise Linux 8.0	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://bugzilla.redhat.com/show_bug.cgi?id=1964358