{"id":"MGASA-2023-0050","summary":"Updated tpm2-tss packages fix security vulnerability","details":"Tss2_RC_SetHandler and Tss2_RC_Decode both index into layer_handler with\nan 8 bit layer number, but the array only has\nTPM2_ERROR_TSS2_RC_LAYER_COUNT entries, so trying to add a handler for\nhigher-numbered layers or decode a response code with such a layer number\nreads/writes past the end of the buffer. (CVE-2023-22745)\n","modified":"2026-04-16T04:41:42.206464785Z","published":"2023-02-14T22:43:23Z","upstream":["CVE-2023-22745"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0050.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=31532"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GDNOV2RNQ7XMOQZ3PV7PHYP2FMJHV2AB/"},{"type":"ADVISORY","url":"https://github.com/tpm2-software/tpm2-tss/security/advisories/GHSA-4j3v-fh23-vx67"}],"affected":[{"package":{"name":"tpm2-tss","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/tpm2-tss?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.2.2-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0050.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}