Freely Allocate Buffer on The Stack With Data From Socket
CVE-2023-43632
What is CVE-2023-43632?
The VTPM server in EVE contains a stack overflow vulnerability. The server listens on port 8877 and exposes limited TPM functionality to clients over protobuf messages. While handling a request, it allocates a buffer on the stack whose size is taken from data received on the socket, so an attacker who sends crafted data controls the size of the stack allocation. This can give the attacker control over the highly privileged 'vtpm_server' process or crash the system, with serious implications for security and stability.
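
The bug class described above, as an added example that is not EVE's code: a hypothetical length-prefixed request reader in C, with the peer-sized stack allocation shown in a comment beside a bounded heap allocation. The 4-byte big-endian length prefix, the 4096-byte cap and all function names are assumptions for illustration.

```c
/* Added example: hypothetical framing and names, not taken from EVE. */
#include <arpa/inet.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define MAX_REQUEST_LEN 4096u  /* assumed cap; derive it from the protocol's real needs */

/* Read exactly n bytes or fail; short reads are normal on sockets. */
static int read_full(int fd, void *buf, size_t n) {
    unsigned char *p = buf;
    while (n > 0) {
        ssize_t r = read(fd, p, n);
        if (r <= 0) return -1;          /* EOF or error before the full frame */
        p += r;
        n -= (size_t)r;
    }
    return 0;
}

/* Vulnerable shape, shown only for contrast:
 *     uint32_t len; read_full(fd, &len, 4);
 *     char payload[len];              // stack size chosen by the peer
 *     read_full(fd, payload, len);
 */

/* Hardened shape: validate the peer-supplied length against a fixed cap,
 * then allocate on the heap. Returns 0 and sets *out / *out_len on success
 * (caller frees), -1 on a rejected or truncated frame. */
int read_request(int fd, unsigned char **out, size_t *out_len) {
    uint32_t wire_len;
    if (read_full(fd, &wire_len, sizeof wire_len) != 0) return -1;
    uint32_t len = ntohl(wire_len);     /* assumed big-endian length prefix */
    if (len == 0 || len > MAX_REQUEST_LEN) return -1;  /* reject before allocating */
    unsigned char *buf = malloc(len);
    if (buf == NULL) return -1;
    if (read_full(fd, buf, len) != 0) { free(buf); return -1; }
    *out = buf;
    *out_len = len;
    return 0;
}
```

The length check runs before any allocation, so an oversized prefix is rejected without touching the stack or the heap.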

Affected Version(s)
EVE OS 3.0.0 < 9.5.0
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved
