PT-2023-5344 · Libspdm · Libspdm

Published

2023-06-01

·

Updated

2025-06-27

·

CVE-2023-32690

CVSS v2.0
7.8
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions:

libspdm versions prior to 2.3.3

libspdm versions prior to 3.0

Description:

The issue arises from insufficient validation of input data in the libspdm library and can be exploited by an attacker acting as a malicious Responder to cause a denial of service on the Requester. In SPDM, the Responder advertises a CTExponent in its CAPABILITIES response, and the Requester derives the timeout for cryptographic operations from it (CT = 2^CTExponent microseconds). When a libspdm Requester receives a successful CAPABILITIES response, it stores the Responder's CTExponent without validation. If the Requester then sends a request that requires a cryptographic operation, such as CHALLENGE, it calculates the timeout value from the unvalidated CTExponent, so a Responder that advertises an excessively large CTExponent can make the Requester wait for an effectively unbounded time.

Recommendations:

For the 2.x line, update to version 2.3.3, which contains the fix.

For the 3.x line, update to version 3.0. Where updating is not possible, apply the available workaround: after completing VCA (VERSION, CAPABILITIES, ALGORITHMS), check the value of the Responder's CTExponent and, if it is greater than or equal to 64, stop communicating with that Responder.

Until the patch is applied, restrict how the stored CTExponent is used in the Requester's context, for example by bounding the timeout derived from it.
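The following is an added example written for this advisory; it is not libspdm code. It shows the Requester-side pattern described above: extracting CTExponent from a CAPABILITIES response, the unchecked timeout computation (CT = 2^CTExponent microseconds) that lets a hostile Responder dictate waits of centuries or wrap the value to 0, and the hardened version that applies the advisory's "greater than or equal to 64, stop communicating" check together with a local cap. The message layout follows the SPDM 1.1 CAPABILITIES response (DSP0274: response code 0x61 at byte 1, CTExponent at byte 5). The function names, the `POLICY_MAX_CT_EXPONENT` cap and the sample messages are assumptions constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not libspdm code: how a Requester turns the Responder's
 * CTExponent into a timeout, unchecked (CVE-2023-32690 pattern) and checked. */

/* SPDM 1.1 CAPABILITIES response (DSP0274): byte 1 = response code 0x61,
 * byte 5 = CTExponent; CT = 2^CTExponent microseconds. */
#define SPDM_RESP_CAPABILITIES      0x61
#define SPDM_CAP_CT_EXPONENT_OFFSET 5
#define SPDM_CAP_MIN_LEN            12  /* hdr(4)+rsvd(1)+CTExponent(1)+rsvd(2)+Flags(4) */

/* Advisory workaround threshold: 2^64 us does not fit in 64 bits. */
#define CT_EXPONENT_REJECT_AT 64

/* Hypothetical local policy: never wait more than 2^30 us (about 18 minutes),
 * whatever the Responder claims. Chosen for this example only. */
#define POLICY_MAX_CT_EXPONENT 30

typedef enum {
    CT_STATUS_OK = 0,
    CT_STATUS_MALFORMED,  /* buffer too short or not a CAPABILITIES response */
    CT_STATUS_REJECTED    /* CTExponent outside what we are willing to honour */
} ct_status_t;

/* Pull CTExponent out of a raw CAPABILITIES response. */
static bool parse_ct_exponent(const uint8_t *msg, size_t len, uint8_t *ct_exponent)
{
    if (msg == NULL || len < SPDM_CAP_MIN_LEN || msg[1] != SPDM_RESP_CAPABILITIES) {
        return false;
    }
    *ct_exponent = msg[SPDM_CAP_CT_EXPONENT_OFFSET];
    return true;
}

/* Vulnerable pattern: trust CTExponent as received. Wrapping multiplication
 * keeps the arithmetic well defined: exponents 40..63 give waits of days to
 * centuries, 64 and above wrap to 0. */
uint64_t ct_us_unchecked(uint8_t ct_exponent)
{
    uint64_t ct_us = 1;
    for (unsigned i = 0; i < ct_exponent; i++) {
        ct_us *= 2;
    }
    return ct_us;
}

/* Hardened pattern: apply the advisory's >= 64 check and a stricter local
 * cap before the value is stored or used for any timeout. */
ct_status_t ct_us_checked(uint8_t ct_exponent, uint64_t *ct_us)
{
    if (ct_exponent >= CT_EXPONENT_REJECT_AT || ct_exponent > POLICY_MAX_CT_EXPONENT) {
        return CT_STATUS_REJECTED;
    }
    *ct_us = (uint64_t)1 << ct_exponent;  /* safe: exponent <= 30 here */
    return CT_STATUS_OK;
}

/* Requester handling of a CAPABILITIES response: yields the timeout it would
 * use for a CHALLENGE, or a status telling it to stop talking to this Responder. */
ct_status_t requester_handle_capabilities(const uint8_t *msg, size_t len, uint64_t *timeout_us)
{
    uint8_t ct_exponent;
    if (!parse_ct_exponent(msg, len, &ct_exponent)) {
        return CT_STATUS_MALFORMED;
    }
    return ct_us_checked(ct_exponent, timeout_us);
}

/* Constructed sample responses (SPDM 1.1, Flags zeroed), not captured traffic. */
static const uint8_t benign_capabilities[SPDM_CAP_MIN_LEN] = {
    0x11, SPDM_RESP_CAPABILITIES, 0x00, 0x00, 0x00, 20,  0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
static const uint8_t hostile_capabilities[SPDM_CAP_MIN_LEN] = {
    0x11, SPDM_RESP_CAPABILITIES, 0x00, 0x00, 0x00, 255, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};

int main(void)
{
    uint64_t t = 0;
    printf("CTExponent 20:  unchecked CT = %llu us\n", (unsigned long long)ct_us_unchecked(20));
    printf("CTExponent 63:  unchecked CT = %llu us\n", (unsigned long long)ct_us_unchecked(63));
    printf("CTExponent 255: unchecked CT = %llu us\n", (unsigned long long)ct_us_unchecked(255));
    if (requester_handle_capabilities(benign_capabilities, sizeof benign_capabilities, &t) == CT_STATUS_OK) {
        printf("benign response accepted, CHALLENGE timeout %llu us\n", (unsigned long long)t);
    }
    if (requester_handle_capabilities(hostile_capabilities, sizeof hostile_capabilities, &t) == CT_STATUS_REJECTED) {
        printf("hostile response rejected: stop communicating with this Responder\n");
    }
    return 0;
}
```

The checked path rejects before storing anything, which is the order the fix needs: validating at CAPABILITIES time covers every later request that would otherwise consume the stored exponent. The 64 threshold is the minimum from the advisory; a real deployment should pick a much lower cap based on the slowest cryptographic operation it expects from a legitimate Responder.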

Related Identifiers

BDU:2023-05972
CVE-2023-32690
GHSA-56H8-4GV5-JF2C

Affected Products

Libspdm