PT-2021-20813 · Libtpms · Libtpms

Fishilicoo

Published

2021-04-19

Updated

2022-09-23

CVE-2021-3505

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: libtpms versions prior to 0.8.0

Description: A flaw was found in the TPM 2 implementation of libtpms, where it returns 2048 bit keys with approximately 1984 bit strength due to a bug in the TCG specification. The issue lies in the key creation algorithm, specifically in the RsaAdjustPrimeCandidate() function, which is called before the prime number check. This poses a significant threat to data confidentiality.

Recommendations: For versions prior to 0.8.0, update to version 0.8.0 or later to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-331

Related Identifiers

CVE-2021-3505

MGASA-2021-0590

OESA-2022-1959

OPENSUSE-SU-2024:11004-1

Affected Products

Libtpms

PT-2021-20813 · Libtpms · Libtpms

CVE-2021-3505

Weakness Enumeration

Related Identifiers

Affected Products

References · 20