зеркало из https://github.com/golang/vulndb.git
60 строки
1.4 KiB
JSON
60 строки
1.4 KiB
JSON
{
|
|
"id": "GO-2021-0095",
|
|
"published": "2021-04-14T20:04:52Z",
|
|
"modified": "0001-01-01T00:00:00Z",
|
|
"aliases": [
|
|
"CVE-2020-8918",
|
|
"GHSA-5x29-3hr9-6wpw"
|
|
],
|
|
"details": "Due to repeated usage of a XOR key an attacker that can eavesdrop on the TPM 1.2 transport is able to calculate usageAuth for keys created using CreateWrapKey, despite it being encrypted, allowing them to use the created key.",
|
|
"affected": [
|
|
{
|
|
"package": {
|
|
"name": "github.com/google/go-tpm",
|
|
"ecosystem": "Go"
|
|
},
|
|
"ranges": [
|
|
{
|
|
"type": "SEMVER",
|
|
"events": [
|
|
{
|
|
"introduced": "0"
|
|
},
|
|
{
|
|
"fixed": "0.3.0"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"database_specific": {
|
|
"url": "https://pkg.go.dev/vuln/GO-2021-0095"
|
|
},
|
|
"ecosystem_specific": {
|
|
"imports": [
|
|
{
|
|
"path": "github.com/google/go-tpm/tpm",
|
|
"symbols": [
|
|
"CreateWrapKey"
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"type": "FIX",
|
|
"url": "https://github.com/google/go-tpm/pull/195"
|
|
},
|
|
{
|
|
"type": "FIX",
|
|
"url": "https://github.com/google/go-tpm/commit/d7806cce857a1a020190c03348e5361725d8f141"
|
|
}
|
|
],
|
|
"credits": [
|
|
{
|
|
"name": "Chris Fenner"
|
|
}
|
|
],
|
|
"schema_version": "1.3.1"
|
|
} |