| id: GO-2026-4430 |
| modules: |
| - module: github.com/lf-edge/eve |
| versions: |
| - fixed: 0.0.0-20230126065759-d9383a7ee4e1 |
| summary: EVE Doesn't Measure Config Partition From 2 Fronts in github.com/lf-edge/eve |
| cves: |
| - CVE-2023-43630 |
| ghsas: |
| - GHSA-phcg-h58r-gmcq |
| references: |
| - advisory: https://github.com/lf-edge/eve/security/advisories/GHSA-phcg-h58r-gmcq |
| - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-43630 |
| - fix: https://github.com/lf-edge/eve/commit/d9383a7ee4e1c39f5c8c6d4a63cb2ebd00695e8a |
| - web: https://asrg.io/security-advisories/config-partition-not-measured-from-2-fronts |
| - web: https://asrg.io/security-advisories/cve-2023-43630 |
| - web: https://help.zededa.com/hc/en-us/articles/43295940828827-TPM-PCR-Index-Security-Implications |
| notes: |
| - fix: 'github.com/lf-edge/eve: could not add vulnerable_at: cannot auto-guess when fixed version is 0.0.0 pseudo-version' |
| source: |
| id: GHSA-phcg-h58r-gmcq |
| created: 2026-02-04T17:35:35.178975844-05:00 |
| review_status: UNREVIEWED |
