Vulnerability Details CVE-2022-23951
In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.5%
CVSS Severity
CVSS v3 Score 5.5
References
- https://github.com/keylime/keylime/commit/6e44758b64b0ee13564fc46e807f4ba98091c355
- https://github.com/keylime/keylime/security/advisories/GHSA-6xx7-m45w-76m2
- https://seclists.org/oss-sec/2022/q1/101
- https://github.com/keylime/keylime/commit/6e44758b64b0ee13564fc46e807f4ba98091c355
- https://github.com/keylime/keylime/security/advisories/GHSA-6xx7-m45w-76m2
- https://seclists.org/oss-sec/2022/q1/101
Products affected by CVE-2022-23951
-
cpe:2.3:a:keylime:keylime:-
-
cpe:2.3:a:keylime:keylime:2.0
-
cpe:2.3:a:keylime:keylime:2.1
-
cpe:2.3:a:keylime:keylime:2.1.1
-
cpe:2.3:a:keylime:keylime:2.2
-
cpe:2.3:a:keylime:keylime:2.3
-
cpe:2.3:a:keylime:keylime:2.3.1
-
cpe:2.3:a:keylime:keylime:2.3.2
-
cpe:2.3:a:keylime:keylime:2.3.3
-
cpe:2.3:a:keylime:keylime:2.3.4
-
cpe:2.3:a:keylime:keylime:3.0.0
-
cpe:2.3:a:keylime:keylime:3.1.0
-
cpe:2.3:a:keylime:keylime:3.1.1
-
cpe:2.3:a:keylime:keylime:4.0.0
-
cpe:2.3:a:keylime:keylime:4.0.1
-
cpe:2.3:a:keylime:keylime:5.0.0
-
cpe:2.3:a:keylime:keylime:5.1.0
-
cpe:2.3:a:keylime:keylime:5.2.0
-
cpe:2.3:a:keylime:keylime:5.3.0
-
cpe:2.3:a:keylime:keylime:5.3.1
-
cpe:2.3:a:keylime:keylime:5.4.0
-
cpe:2.3:a:keylime:keylime:5.4.1
-
cpe:2.3:a:keylime:keylime:5.5.0
-
cpe:2.3:a:keylime:keylime:5.6.0
-
cpe:2.3:a:keylime:keylime:5.6.1
-
cpe:2.3:a:keylime:keylime:5.6.2
-
cpe:2.3:a:keylime:keylime:5.7.0
-
cpe:2.3:a:keylime:keylime:5.7.1
-
cpe:2.3:a:keylime:keylime:5.7.2
-
cpe:2.3:a:keylime:keylime:5.7.3
-
cpe:2.3:a:keylime:keylime:5.8.0
-
cpe:2.3:a:keylime:keylime:5.8.1
-
cpe:2.3:a:keylime:keylime:6.0.0
-
cpe:2.3:a:keylime:keylime:6.0.1
-
cpe:2.3:a:keylime:keylime:6.1.0
-
cpe:2.3:a:keylime:keylime:6.1.1
-
cpe:2.3:a:keylime:keylime:6.2.0
-
cpe:2.3:a:keylime:keylime:6.2.1