ByteOS Network

CVE Vulnerability Details :

CVE-2023-1018

PUBLISHED

More Info Official Page

Assigner-certcc

Assigner Org ID-37e5125f-f79b-445b-8fad-9564f167944b

Published At-28 Feb, 2023 | 17:54

Updated At-04 Nov, 2025 | 19:14

▼CVE Numbering Authority (CNA)

TPM2.0 vulnerable to out-of-bounds read

An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.

Affected Products

Vendor

Trusted Computing Group

Product

TPM2.0

Versions

Affected

1.59

Vendor

Trusted Computing Group

Product

TPM2.0

Versions

Affected

1.38

Vendor

Trusted Computing Group

Product

TPM2.0

Versions

Affected

1.16

Problem Types

Type	CWE ID	Description
N/A	N/A	CWE-125 Out-of-bounds Read

Type: N/A

CWE ID: N/A

Description: CWE-125 Out-of-bounds Read

Credits

finder

Francisco Falcon of Quarkslab

References

Hyperlink	Resource
https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf	N/A
https://trustedcomputinggroup.org/about/security/	N/A
https://kb.cert.org/vuls/id/782720	N/A

Hyperlink: https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf

Resource: N/A

Hyperlink: https://trustedcomputinggroup.org/about/security/

Resource: N/A

Hyperlink: https://kb.cert.org/vuls/id/782720

Resource: N/A

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf	x_transferred
https://trustedcomputinggroup.org/about/security/	x_transferred
https://kb.cert.org/vuls/id/782720	x_transferred
https://www.kb.cert.org/vuls/id/782720	N/A

Hyperlink: https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf

Resource:

x_transferred

Hyperlink: https://trustedcomputinggroup.org/about/security/

Resource:

x_transferred

Hyperlink: https://kb.cert.org/vuls/id/782720

Resource:

x_transferred

Hyperlink: https://www.kb.cert.org/vuls/id/782720

Resource: N/A

2. CISA ADP Vulnrichment

Metrics

Version	Base score	Base severity	Vector
3.1	5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Version: 3.1

Base score: 5.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products

Affected

Affected

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References