[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2022-23645":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T20:55:29.923Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":23,"aliases":24,"duplicate_of":9,"upstream":25,"downstream":26,"duplicates":41,"related":42,"reserved_at":9,"published_at":46,"modified_at":47,"state":48,"summary":49,"references_raw":58,"kevs":91,"epss":92,"epss_history":95,"metrics":363,"affected":379},"CVE-2022-23645","swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting since the state cannot be understood. Users should upgrade to swtpm v0.5.3, v0.6.2, or v0.7.1 to receive a patch. There are currently no known workarounds.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-125","Out-of-bounds Read","The product reads data past the end, or before the beginning, of the intended buffer.","weakness","Draft","Base",[19],{"id":20,"name":21,"techniques":22},"CAPEC-540","Overread Buffers",[],[],[],[],[27,29,31,33,35,37,39],{"_key":28},"RHSA-2022:7472",{"_key":30},"RHSA-2022:8100",{"_key":32},"UBUNTU-CVE-2022-23645",{"_key":34},"SUSE-SU-2022:1297-1",{"_key":36},"OPENSUSE-SU-2024:11870-1",{"_key":38},"MGASA-2022-0112",{"_key":40},"DEBIAN-CVE-2022-23645",[],[43,44,45],{"_key":34},{"_key":36},{"_key":38},"2022-02-18T20:50:10.000Z","2025-04-23T19:02:38.378Z","Modified",{"cisa_kev":50,"cisa_ransomware":50,"cisa_vendor":9,"epss_severity":51,"epss_score":52,"severity":53,"severity_score":54,"severity_version":55,"severity_source":56,"severity_vector":57,"severity_status":48},false,"low",0.0003,"medium",6.2,"v3.1","cve.org","CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",[59,67,72,77,81,85],{"url":60,"sources":61,"tags":63},"https://github.com/stefanberger/swtpm/security/advisories/GHSA-2qgm-8xf4-3hqw",[56,62],"nvd",[64,65,66],"X Refsource CONFIRM","Patch","Third Party Advisory",{"url":68,"sources":69,"tags":70},"https://github.com/stefanberger/swtpm/commit/9f740868fc36761de27df3935513bdebf8852d19",[56,62],[71,65,66],"X Refsource MISC",{"url":73,"sources":74,"tags":75},"https://github.com/stefanberger/swtpm/releases/tag/v0.5.3",[56,62],[71,76,66],"Release Notes",{"url":78,"sources":79,"tags":80},"https://github.com/stefanberger/swtpm/releases/tag/v0.6.2",[56,62],[71,76,66],{"url":82,"sources":83,"tags":84},"https://github.com/stefanberger/swtpm/releases/tag/v0.7.1",[56,62],[71,76,66],{"url":86,"sources":87,"tags":88},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WL735FW266GO4C2JX4CJBOIOB7R7AY5A/",[56,62],[89,90],"Vendor Advisory","X Refsource FEDORA",[],{"date":93,"score":52,"percentile":94},"2026-06-04",0.08994,[96,100,103,106,109,112,115,118,121,124,126,129,132,134,137,141,144,147,150,153,156,160,163,166,169,172,175,178,181,184,187,190,193,196,199,201,204,207,210,213,216,219,222,225,228,231,234,237,240,243,246,249,252,255,258,261,264,267,270,273,276,278,281,284,287,289,292,295,298,301,304,307,310,313,316,319,322,325,328,331,334,337,340,343,346,348,351,354,357,360],{"date":97,"score":98,"percentile":99},"2025-11-04",0.00039,0.11023,{"date":101,"score":98,"percentile":102},"2025-11-05",0.11046,{"date":104,"score":98,"percentile":105},"2025-11-06",0.11161,{"date":107,"score":98,"percentile":108},"2025-11-07",0.11181,{"date":110,"score":98,"percentile":111},"2025-11-08",0.11193,{"date":113,"score":98,"percentile":114},"2025-11-09",0.1116,{"date":116,"score":98,"percentile":117},"2025-11-10",0.11115,{"date":119,"score":98,"percentile":120},"2025-11-11",0.11126,{"date":122,"score":98,"percentile":123},"2025-11-12",0.11164,{"date":125,"score":98,"percentile":111},"2025-11-13",{"date":127,"score":98,"percentile":128},"2025-11-14",0.11208,{"date":130,"score":98,"percentile":131},"2025-11-15",0.11206,{"date":133,"score":98,"percentile":128},"2025-11-16",{"date":135,"score":98,"percentile":136},"2025-11-17",0.11187,{"date":138,"score":139,"percentile":140},"2025-11-18",0.00169,0.32751,{"date":142,"score":139,"percentile":143},"2025-11-19",0.32767,{"date":145,"score":139,"percentile":146},"2025-11-20",0.32752,{"date":148,"score":98,"percentile":149},"2025-11-21",0.11227,{"date":151,"score":98,"percentile":152},"2025-11-22",0.11234,{"date":154,"score":98,"percentile":155},"2025-11-23",0.11198,{"date":157,"score":158,"percentile":159},"2025-11-24",0.0004,0.11963,{"date":161,"score":158,"percentile":162},"2025-11-25",0.11968,{"date":164,"score":158,"percentile":165},"2025-11-26",0.1196,{"date":167,"score":158,"percentile":168},"2025-11-27",0.11965,{"date":170,"score":158,"percentile":171},"2025-11-28",0.11959,{"date":173,"score":158,"percentile":174},"2025-11-29",0.11911,{"date":176,"score":158,"percentile":177},"2025-11-30",0.11914,{"date":179,"score":158,"percentile":180},"2025-12-01",0.1195,{"date":182,"score":158,"percentile":183},"2025-12-02",0.11957,{"date":185,"score":158,"percentile":186},"2025-12-03",0.11964,{"date":188,"score":158,"percentile":189},"2025-12-04",0.11951,{"date":191,"score":158,"percentile":192},"2025-12-05",0.11995,{"date":194,"score":158,"percentile":195},"2025-12-06",0.12008,{"date":197,"score":158,"percentile":198},"2025-12-07",0.12001,{"date":200,"score":158,"percentile":195},"2025-12-08",{"date":202,"score":158,"percentile":203},"2025-12-09",0.12066,{"date":205,"score":158,"percentile":206},"2025-12-10",0.1213,{"date":208,"score":158,"percentile":209},"2025-12-11",0.12155,{"date":211,"score":158,"percentile":212},"2025-12-12",0.12194,{"date":214,"score":158,"percentile":215},"2025-12-13",0.12212,{"date":217,"score":158,"percentile":218},"2025-12-14",0.12198,{"date":220,"score":158,"percentile":221},"2025-12-15",0.12149,{"date":223,"score":158,"percentile":224},"2025-12-16",0.12135,{"date":226,"score":158,"percentile":227},"2025-12-17",0.12223,{"date":229,"score":158,"percentile":230},"2025-12-18",0.12271,{"date":232,"score":158,"percentile":233},"2025-12-19",0.12281,{"date":235,"score":158,"percentile":236},"2025-12-20",0.12284,{"date":238,"score":158,"percentile":239},"2025-12-21",0.12261,{"date":241,"score":158,"percentile":242},"2025-12-22",0.12234,{"date":244,"score":158,"percentile":245},"2025-12-23",0.12236,{"date":247,"score":158,"percentile":248},"2025-12-24",0.12244,{"date":250,"score":158,"percentile":251},"2025-12-25",0.12319,{"date":253,"score":158,"percentile":254},"2025-12-26",0.12299,{"date":256,"score":158,"percentile":257},"2025-12-27",0.12304,{"date":259,"score":158,"percentile":260},"2025-12-28",0.1229,{"date":262,"score":158,"percentile":263},"2025-12-29",0.12218,{"date":265,"score":158,"percentile":266},"2025-12-30",0.12193,{"date":268,"score":158,"percentile":269},"2025-12-31",0.12233,{"date":271,"score":158,"percentile":272},"2026-01-01",0.12265,{"date":274,"score":158,"percentile":275},"2026-01-02",0.12249,{"date":277,"score":158,"percentile":263},"2026-01-03",{"date":279,"score":158,"percentile":280},"2026-01-04",0.12143,{"date":282,"score":158,"percentile":283},"2026-01-05",0.12092,{"date":285,"score":158,"percentile":286},"2026-01-06",0.12107,{"date":288,"score":158,"percentile":280},"2026-01-07",{"date":290,"score":158,"percentile":291},"2026-01-08",0.12187,{"date":293,"score":158,"percentile":294},"2026-01-09",0.12209,{"date":296,"score":158,"percentile":297},"2026-01-10",0.12235,{"date":299,"score":158,"percentile":300},"2026-01-11",0.12207,{"date":302,"score":158,"percentile":303},"2026-01-12",0.12177,{"date":305,"score":158,"percentile":306},"2026-01-13",0.12152,{"date":308,"score":158,"percentile":309},"2026-01-14",0.12213,{"date":311,"score":158,"percentile":312},"2026-01-15",0.12215,{"date":314,"score":158,"percentile":315},"2026-01-16",0.12264,{"date":317,"score":158,"percentile":318},"2026-01-17",0.12277,{"date":320,"score":158,"percentile":321},"2026-01-18",0.12225,{"date":323,"score":158,"percentile":324},"2026-01-19",0.12168,{"date":326,"score":158,"percentile":327},"2026-01-20",0.1215,{"date":329,"score":158,"percentile":330},"2026-01-21",0.12128,{"date":332,"score":158,"percentile":333},"2026-01-22",0.1211,{"date":335,"score":158,"percentile":336},"2026-01-23",0.12196,{"date":338,"score":158,"percentile":339},"2026-01-24",0.12253,{"date":341,"score":158,"percentile":342},"2026-01-25",0.12205,{"date":344,"score":158,"percentile":345},"2026-01-26",0.12148,{"date":347,"score":158,"percentile":224},"2026-01-27",{"date":349,"score":158,"percentile":350},"2026-01-28",0.12121,{"date":352,"score":158,"percentile":353},"2026-01-29",0.12095,{"date":355,"score":158,"percentile":356},"2026-01-30",0.12111,{"date":358,"score":158,"percentile":359},"2026-01-31",0.12131,{"date":361,"score":158,"percentile":362},"2026-02-01",0.12129,[364,369],{"source":56,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":365,"cvss_v4_0":9},{"baseScore":54,"baseSeverity":366,"vectorString":57,"impactScore":367,"exploitabilityScore":368},"MEDIUM",6,6.4,{"source":62,"cvss_v2_0":370,"cvss_v3_0":9,"cvss_v3_1":375,"cvss_v4_0":9},{"baseScore":371,"baseSeverity":9,"vectorString":372,"impactScore":373,"exploitabilityScore":374},2.1,"AV:L/AC:L/Au:N/C:N/I:N/A:P",2.9,3.9,{"baseScore":376,"baseSeverity":366,"vectorString":377,"impactScore":367,"exploitabilityScore":378},5.5,"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",4.6,[380,388,395,412],{"ecosystem":9,"name":381,"vendor":382,"product":381,"cpe_part":383,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":384},"fedora","fedoraproject","o",[385],{"version":386,"is_range":50,"range_type":387,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"35","cpe",{"ecosystem":9,"name":389,"vendor":390,"product":391,"cpe_part":383,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":392},"enterprise linux","redhat","enterprise_linux",[393],{"version":394,"is_range":50,"range_type":387,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0",{"ecosystem":9,"name":396,"vendor":397,"product":396,"cpe_part":398,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":399},"swtpm","stefanberger","a",[400,405,410],{"version":401,"is_range":402,"range_type":56,"version_start":9,"version_start_type":9,"version_end":403,"version_end_type":404,"fixed_in":9},"\u003C 0.5.3",true,"0.5.3","excluding",{"version":406,"is_range":402,"range_type":56,"version_start":407,"version_start_type":408,"version_end":409,"version_end_type":404,"fixed_in":9},">= 0.6.0, \u003C 0.6.2","0.6.0","including","0.6.2",{"version":411,"is_range":50,"range_type":56,"version_start":411,"version_start_type":408,"version_end":411,"version_end_type":408,"fixed_in":9},"= 0.7.0",{"ecosystem":9,"name":396,"vendor":413,"product":396,"cpe_part":398,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":414},"swtpm_project",[415,417,419,421,423],{"version":416,"is_range":402,"range_type":387,"version_start":9,"version_start_type":9,"version_end":403,"version_end_type":404,"fixed_in":9},"lt0.5.3",{"version":418,"is_range":402,"range_type":387,"version_start":407,"version_start_type":408,"version_end":409,"version_end_type":404,"fixed_in":9},"gte0.6.0_lt0.6.2",{"version":420,"is_range":50,"range_type":387,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"0.7.0",{"version":422,"is_range":50,"range_type":387,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"0.7.0:rc1",{"version":424,"is_range":50,"range_type":387,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"0.7.0:rc2"]