CVE-2021-3746

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-3746
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3746.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-3746
Related
Published
2021-10-19T15:15:08Z
Modified
2025-01-08T08:12:51.650463Z
Downstream
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2's volatile state is written. The highest threat from this vulnerability is to system availability. This issue affects libtpms versions before 0.8.5, before 0.7.9 and before 0.6.6.

References

Affected packages

Debian:12 / libtpms

Package

Name
libtpms
Purl
pkg:deb/debian/libtpms?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.9.1-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / libtpms

Package

Name
libtpms
Purl
pkg:deb/debian/libtpms?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.9.1-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Git / github.com/stefanberger/libtpms

Affected ranges

Type
GIT
Repo
https://github.com/stefanberger/libtpms
Events
Introduced
0b60a4479009c9aa98210fac763a536fefd9228b
Fixed
24adfb75804f573c63f16b3065165754dddfb1f7

Affected versions

v0.*

v0.6.0
v0.6.1
v0.6.2
v0.6.3
v0.6.4
v0.6.5