reports/GO-2021-0095.toml - vulndb - Git at Google

 module = "github.com/google/go-tpm"
 package = "github.com/google/go-tpm/tpm"

 description = """
 Due to repeated usage of a XOR key an attacker that can eavesdrop on the TPM 1.2 transport
 is able to calculate usageAuth for keys created using CreateWrapKey, despite it being encrypted,
 allowing them to use the created key.
 """

 cve = "CVE-2020-8918"

 credit = "Chris Fenner"

 symbols = ["CreateWrapKey"]

 published = "2021-04-14T12:00:00Z"

 [[versions]]
 fixed = "v0.3.0"

 [links]
 commit = "https://github.com/google/go-tpm/commit/d7806cce857a1a020190c03348e5361725d8f141"
 pr = "https://github.com/google/go-tpm/pull/195"
 context = ["https://github.com/google/go-tpm/security/advisories/GHSA-5x29-3hr9-6wpw"]
	module = "github.com/google/go-tpm"
	package = "github.com/google/go-tpm/tpm"

	description = """
	Due to repeated usage of a XOR key an attacker that can eavesdrop on the TPM 1.2 transport
	is able to calculate usageAuth for keys created using CreateWrapKey, despite it being encrypted,
	allowing them to use the created key.
	"""

	cve = "CVE-2020-8918"

	credit = "Chris Fenner"

	symbols = ["CreateWrapKey"]

	published = "2021-04-14T12:00:00Z"

	[[versions]]
	fixed = "v0.3.0"

	[links]
	commit = "https://github.com/google/go-tpm/commit/d7806cce857a1a020190c03348e5361725d8f141"
	pr = "https://github.com/google/go-tpm/pull/195"
	context = ["https://github.com/google/go-tpm/security/advisories/GHSA-5x29-3hr9-6wpw"]