Wolftpm2 · Wolftpm2 · CVE-2025-7844
**Name of the Vulnerable Software and Affected Versions**
wolfTPM2 (affected versions not specified)
**Description**
Exporting a TPM-based RSA key larger than 2048 bits from the TPM could lead to a stack buffer overflow if the default `MAX_RSA_KEY_BITS=2048` is used. This issue occurs when the `wolfTPM2_RsaKey_TpmToWolf` function is called on RSA private or public keys larger than 2048 bits, provided the TPM 2.0 module supports RSA key sizes exceeding 2048 bits. A stack buffer overflow is not possible if the `MAX_RSA_KEY_BITS` build-time macro is correctly configured to match the hardware target's RSA key size capabilities.
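The mismatch described above, between a buffer sized at build time and a key size chosen by the TPM, is shown in the following added example, which is not wolfTPM code. The `tpm_rsa_pub` struct, `export_rsa_modulus`, `make_sample_pub` and the error codes are hypothetical names, and the sample key data is constructed; only `MAX_RSA_KEY_BITS` and its default of 2048 come from the advisory.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed build setting: the default named in the advisory. */
#ifndef MAX_RSA_KEY_BITS
#define MAX_RSA_KEY_BITS 2048
#endif
#define MAX_RSA_KEY_BYTES (MAX_RSA_KEY_BITS / 8)

/* Hypothetical stand-in for the public area a TPM returns; the TPM, not
 * the build, decides how large the modulus is (up to 4096 bits here). */
typedef struct {
    uint16_t key_bits;      /* key size the TPM reports */
    uint16_t size;          /* modulus length in bytes */
    uint8_t  buffer[512];   /* modulus bytes */
} tpm_rsa_pub;

enum { EXPORT_OK = 0, EXPORT_BAD_ARG = -1, EXPORT_TOO_LARGE = -2 };
/* Copy the modulus out through a build-time-sized stack buffer, as an
 * export routine would, but validate both TPM-supplied sizes first. */
int export_rsa_modulus(const tpm_rsa_pub *pub, uint8_t *out,
                       size_t out_cap, size_t *out_len)
{
    uint8_t n[MAX_RSA_KEY_BYTES];   /* fixed by MAX_RSA_KEY_BITS */
    if (pub == NULL || out == NULL || out_len == NULL)
        return EXPORT_BAD_ARG;
    /* Reject keys larger than the build was configured for. */
    if (pub->key_bits > MAX_RSA_KEY_BITS || pub->size > sizeof(n))
        return EXPORT_TOO_LARGE;
    /* The length field must also fit its own container and the caller. */
    if (pub->size > sizeof(pub->buffer) || pub->size > out_cap)
        return EXPORT_BAD_ARG;

    memcpy(n, pub->buffer, pub->size);  /* safe: size <= sizeof(n) */
    memcpy(out, n, pub->size);
    *out_len = pub->size;
    return EXPORT_OK;
}

/* Constructed sample: a public area with the given key size. */
tpm_rsa_pub make_sample_pub(uint16_t bits)
{
    tpm_rsa_pub p;
    memset(&p, 0xA5, sizeof(p));
    p.key_bits = bits;
    p.size = (uint16_t)(bits / 8);
    return p;
}
```

Checking the length field as well as the reported key size matters because the copy length is taken from the length field.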
**Recommendations**
Ensure the `MAX_RSA_KEY_BITS` build-time macro is set correctly to match the RSA key size capabilities of the target hardware.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.