blob: 525e346aa50e34045f30400d48095b4051671521 [file] [log] [blame]
{
"schema_version": "1.3.1",
"id": "GO-2021-0095",
"modified": "0001-01-01T00:00:00Z",
"published": "2021-04-14T20:04:52Z",
"aliases": [
"CVE-2020-8918",
"GHSA-5x29-3hr9-6wpw"
],
"summary": "Sensitive information exposure in github.com/google/go-tpm",
"details": "Due to repeated usage of a XOR key an attacker that can eavesdrop on the TPM 1.2 transport is able to calculate usageAuth for keys created using CreateWrapKey, despite it being encrypted, allowing them to use the created key.",
"affected": [
{
"package": {
"name": "github.com/google/go-tpm",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "0.3.0"
}
]
}
],
"ecosystem_specific": {
"imports": [
{
"path": "github.com/google/go-tpm/tpm",
"symbols": [
"CreateWrapKey"
]
}
]
}
}
],
"references": [
{
"type": "FIX",
"url": "https://github.com/google/go-tpm/pull/195"
},
{
"type": "FIX",
"url": "https://github.com/google/go-tpm/commit/d7806cce857a1a020190c03348e5361725d8f141"
}
],
"credits": [
{
"name": "Chris Fenner"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2021-0095",
"review_status": "REVIEWED"
}
}