5.5
CVSSv3

CVE-2022-23951

Published: 21/09/2022 Updated: 22/09/2022
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

Vulnerability Summary

In Keylime prior to 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

keylime keylime

Mailing Lists

Hello list, I have been reviewing the Keylime TPM remote attestation solution [1] which resulted in a number of security related findings, including an arbitrary remote code execution in the Keylime Agent component The upstream project published security advisories, fixes and an update strategy to Keylime version 63X today Please find the deta ...