PT-2023-28888 · Eve · Eve
Ilay Levi · Published 2023-09-21 · Updated 2026-02-06
CVE-2023-43632
CVSS v3.1: 9.0 (Critical)
Vector: AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
EVE (affected versions not specified)
Description
The issue concerns a server listening on port 8877 in EVE that exposes limited TPM functionality to clients. This server, known as VTPM, allows clients to execute tpm2-tools binaries from a hardcoded list of options. Communication with the server uses protobuf, and each message consists of two parts: a header and data. When a connection is made, the server waits for 4 bytes, which form the header; these 4 bytes are parsed as a uint32 giving the size of the data to come. Then, in the function handleRequest, this size is used to allocate a payload on the stack for the incoming data. Because the payload is allocated on the stack, an attacker can overflow the stack space allocated for the relevant process with freely controlled data. An attacker can crash the system or gain control over the system, specifically over the vtpm server process, which has very high privileges.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
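The bounded read that this class of bug calls for, as an added example (not EVE's code and not a vendor fix): the 4-byte size header is checked against a cap before any allocation, and the payload goes on the heap instead of the stack. The names `read_frame`, `read_full`, `demo_frame`, the 4096-byte `MAX_PAYLOAD` cap and the big-endian header byte order are assumptions made for the example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <unistd.h>

#define MAX_PAYLOAD 4096u /* assumed cap: size of the largest legitimate request */

/* Read exactly n bytes; returns 0 on success, -1 on EOF or I/O error. */
static int read_full(int fd, void *buf, size_t n) {
    unsigned char *p = buf;
    while (n > 0) {
        ssize_t r = read(fd, p, n);
        if (r < 0 && errno == EINTR) continue;
        if (r <= 0) return -1;
        p += r; n -= (size_t)r;
    }
    return 0;
}

/* Returns 0 with a heap buffer in *out (caller frees), -1 on I/O or
 * allocation failure, -2 when the declared size is refused. */
int read_frame(int fd, unsigned char **out, uint32_t *len) {
    unsigned char hdr[4];
    *out = NULL; *len = 0;
    if (read_full(fd, hdr, sizeof hdr) != 0) return -1;
    uint32_t size = ((uint32_t)hdr[0] << 24) | ((uint32_t)hdr[1] << 16) |
                    ((uint32_t)hdr[2] << 8) | hdr[3]; /* byte order assumed */
    /* The check the description says is missing: bound the peer-supplied size. */
    if (size == 0 || size > MAX_PAYLOAD) return -2;
    unsigned char *buf = malloc(size); /* heap, never a stack buffer sized by the peer */
    if (!buf) return -1;
    if (read_full(fd, buf, size) != 0) { free(buf); return -1; }
    *out = buf; *len = size;
    return 0;
}

/* Constructed input: push a header and body through a pipe, return read_frame's result. */
int demo_frame(uint32_t declared, const char *body, size_t body_len, uint32_t *got_len) {
    int p[2]; unsigned char *buf = NULL;
    unsigned char hdr[4] = { (unsigned char)(declared >> 24), (unsigned char)(declared >> 16),
                             (unsigned char)(declared >> 8), (unsigned char)declared };
    if (pipe(p) != 0) return -1;
    int ok = write(p[1], hdr, 4) == 4 && write(p[1], body, body_len) == (ssize_t)body_len;
    close(p[1]);
    int rc = ok ? read_frame(p[0], &buf, got_len) : -1;
    free(buf); close(p[0]);
    return rc;
}
```

A production server would also put a read timeout on the connection so a peer that declares a size and then stalls cannot hold a handler indefinitely.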
Allocation of Resources Without Limits
Related Identifiers
Affected Products
Eve