Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2023-32690
HistoryJun 01, 2023 - 5:15 p.m.

Input validation

2023-06-0117:15:00
PRIOn knowledge base
www.prio-n.com
2
input validation
dmtf spdm
cryptography operation
timeout
patch
workaround
ctexponent
vca
communication
responder
requester
nvd

0.002 Low

EPSS

Percentile

55.7%

JSON

libspdm is a sample implementation that follows the DMTF SPDM specifications. Prior to versions 2.3.3 and 3.0, following a successful CAPABILITIES response, a libspdm Requester stores the Responder’s CTExponent into its context without validation. If the Requester sends a request message that requires a cryptography operation by the Responder, such as CHALLENGE, libspdm will calculate the timeout value using the Responder’s unvalidated CTExponent.

A patch is available in version 2.3.3. A workaround is also available. After completion of VCA, the Requester can check the value of the Responder’s CTExponent. If it greater than or equal to 64, then the Requester can stop communication with the Responder.

CPENameOperatorVersion
libspdmlt2.3.3

Related

cve 1
osv 1
cvelist 1
nvd 1
cve
cve
CVE-2023-32690
2023-06-01 17:15:09
osv
osv
CVE-2023-32690
2023-06-01 17:15:09
cvelist
cvelist
CVE-2023-32690 Responder can Invoke Undefined Behavior in libspdm Requester
2023-06-01 16:15:21
nvd
nvd
CVE-2023-32690
2023-06-01 17:15:09

0.002 Low

EPSS

Percentile

55.7%

JSON
Related for PRION:CVE-2023-32690
cve1osv1cvelist1nvd1