CVE-2022-23951
First published: Wed Sep 21 2022(Updated: )
In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs.
Credit: patrick@puiterwijk.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Keylime Keylime | <6.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability identifier for this Keylime vulnerability?
The vulnerability identifier for this Keylime vulnerability is CVE-2022-23951.
What is the impact of CVE-2022-23951?
CVE-2022-23951 can lead to zip bombs, potentially causing denial of service or resource exhaustion.
What is the severity of CVE-2022-23951?
The severity of CVE-2022-23951 is rated as medium with a CVSS score of 5.5.
How can I fix CVE-2022-23951 in Keylime?
To fix CVE-2022-23951 in Keylime, update to version 6.3.0 or later.
Where can I find more information about CVE-2022-23951?
You can find more information about CVE-2022-23951 on the Keylime GitHub advisory page and the OSS Security mailing list.
- collector/nvd-index
- agent/author
- agent/references
- agent/severity
- agent/type
- agent/event
- agent/weakness
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/keylime
- canonical/keylime keylime