CVE-2023-32690

low-risk

Published 2023-06-01

libspdm is a sample implementation that follows the DMTF SPDM specifications. Prior to versions 2.3.3 and 3.0, following a successful CAPABILITIES response, a libspdm Requester stores the Responder's CTExponent into its context without validation. If the Requester sends a request message that requires a cryptography operation by the Responder, such as CHALLENGE, libspdm will calculate the timeout value using the Responder's unvalidated CTExponent. A patch is available in version 2.3.3. A workaround is also available. After completion of VCA, the Requester can check the value of the Responder's CTExponent. If it greater than or equal to 64, then the Requester can stop communication with the Responder.

Do I need to act?

0.19% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.7/10 Medium

ADJACENT_NETWORK / LOW complexity

Affected Products (1)

Libspdm

Affected Vendors

Dmtf

References (6)

Patch https://github.com/DMTF/libspdm/issues/2068

Patch https://github.com/DMTF/libspdm/pull/2069

Vendor Advisory https://github.com/DMTF/libspdm/security/advisories/GHSA-56h8-4gv5-jf2c

Patch https://github.com/DMTF/libspdm/issues/2068

Patch https://github.com/DMTF/libspdm/pull/2069

Vendor Advisory https://github.com/DMTF/libspdm/security/advisories/GHSA-56h8-4gv5-jf2c

/ 100

low-risk

Severity 19/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal