| { |
| "id": "GO-2021-0095", |
| "published": "2021-04-14T20:04:52Z", |
| "modified": "0001-01-01T00:00:00Z", |
| "aliases": [ |
| "CVE-2020-8918", |
| "GHSA-5x29-3hr9-6wpw" |
| ], |
| "details": "Due to repeated usage of a XOR key an attacker that can eavesdrop on the TPM 1.2 transport\nis able to calculate usageAuth for keys created using CreateWrapKey, despite it being encrypted,\nallowing them to use the created key.\n", |
| "affected": [ |
| { |
| "package": { |
| "name": "github.com/google/go-tpm", |
| "ecosystem": "Go" |
| }, |
| "ranges": [ |
| { |
| "type": "SEMVER", |
| "events": [ |
| { |
| "introduced": "0" |
| }, |
| { |
| "fixed": "0.3.0" |
| } |
| ] |
| } |
| ], |
| "database_specific": { |
| "url": "https://pkg.go.dev/vuln/GO-2021-0095" |
| }, |
| "ecosystem_specific": { |
| "imports": [ |
| { |
| "path": "github.com/google/go-tpm/tpm", |
| "symbols": [ |
| "CreateWrapKey" |
| ] |
| } |
| ] |
| } |
| } |
| ], |
| "references": [ |
| { |
| "type": "FIX", |
| "url": "https://github.com/google/go-tpm/pull/195" |
| }, |
| { |
| "type": "FIX", |
| "url": "https://github.com/google/go-tpm/commit/d7806cce857a1a020190c03348e5361725d8f141" |
| }, |
| { |
| "type": "WEB", |
| "url": "https://github.com/google/go-tpm/security/advisories/GHSA-5x29-3hr9-6wpw" |
| } |
| ] |
| } |
