5.5
CVE-2023-1018
- EPSS 0.25%
- Published 28.02.2023 18:15:10
- Last modified 07.03.2025 19:15:33
- Source cret@cert.org
An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.
Data is provided by the National Vulnerability Database (NVD)
Trustedcomputinggroup ≫ Trusted Platform Module Version 2.0 Update revision_1.16
Trustedcomputinggroup ≫ Trusted Platform Module Version 2.0 Update revision_1.38
Trustedcomputinggroup ≫ Trusted Platform Module Version 2.0 Update revision_1.59
Microsoft ≫ Windows 10 1507 HwPlatform x64 Version < 10.0.10240.19805
Microsoft ≫ Windows 10 1607 HwPlatform x64 Version < 10.0.14393.5786
Microsoft ≫ Windows 10 1809 HwPlatform x64 Version < 10.0.17763.4131
Microsoft ≫ Windows 10 20h2 HwPlatform x64 Version < 10.0.19042.2728
Microsoft ≫ Windows 10 21h2 HwPlatform x64 Version < 10.0.19044.2728
Microsoft ≫ Windows 10 22h2 HwPlatform x64 Version < 10.0.19045.2728
Microsoft ≫ Windows 11 21h2 HwPlatform x64 Version < 10.0.22000.1696
Microsoft ≫ Windows 11 22h2 HwPlatform x64 Version < 10.0.22621.1413
Microsoft ≫ Windows Server 2016 Version < 10.0.14393.5786
Microsoft ≫ Windows Server 2019 Version < 10.0.17763.4131
Microsoft ≫ Windows Server 2022 Version < 10.0.20348.1607
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.25% | 0.482 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 5.5 | 1.8 | 3.6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.5 | 1.8 | 3.6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.