5.5

CVE-2022-23951

Exploit
In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
KeylimeKeylime Version < 6.3.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.42% 0.334
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

https://seclists.org/oss-sec/2022/q1/101
Patch
Third Party Advisory
Exploit
Mailing List
https://github.com/keylime/keylime/commit/6e44758b64b0ee13564fc46e807f4ba98091c355
Patch
Third Party Advisory
https://github.com/keylime/keylime/security/advisories/GHSA-6xx7-m45w-76m2
Third Party Advisory