[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2023-43632":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T02:55:33.997Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":413,"aliases":414,"duplicate_of":9,"upstream":417,"downstream":418,"duplicates":421,"related":422,"reserved_at":9,"published_at":424,"modified_at":425,"state":426,"summary":427,"references_raw":436,"kevs":466,"epss":467,"epss_history":470,"metrics":737,"affected":754},"CVE-2023-43632","\nAs noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port\n8877 in EVE, exposing limited functionality of the TPM to the clients. \nVTPM allows clients to\nexecute tpm2-tools binaries from a list of hardcoded options”\nThe communication with this server is done using protobuf, and the data is comprised of 2\nparts:\n\n1. Header\n\n2. Data\n\nWhen a connection is made, the server is waiting for 4 bytes of data, which will be the header,\nand these 4 bytes would be parsed as uint32 size of the actual data to come.\n\nThen, in the function “handleRequest” this size is then used in order to allocate a payload on\nthe stack for the incoming data.\n\nAs this payload is allocated on the stack, this will allow overflowing the stack size allocated for\nthe relevant process with freely controlled data.\n\n* An attacker can crash the system. \n* An attacker can gain control over the system, specifically on the “vtpm_server” process\nwhich has very high privileges.\n\n\n",null,[11,19],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-789","Memory Allocation with Excessive Size Value","The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.","weakness","Draft","Variant",[],{"_key":20,"id":20,"name":21,"description":22,"type":15,"status":23,"abstraction":24,"likelihood_of_exploit":25,"capec":26},"CWE-770","Allocation of Resources Without Limits or Throttling","The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.","Incomplete","Base","High",[27,113,123,127,131,135,139,143,175,237,241,245,275,305,337,341,345,349,353,357],{"id":28,"name":29,"techniques":30},"CAPEC-125","Flooding",[31,85],{"id":32,"name":33,"tactics":34,"countermeasures":38},"T1498.001","Direct Network Flood",[35],{"id":36,"name":37},"TA0105","Impact",[39,44,48,52,56,60,64,68,72,76,81],{"id":40,"name":41,"tactic":42},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":43},"Detect",{"id":45,"name":46,"tactic":47},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":43},{"id":49,"name":50,"tactic":51},"D3-CSPP","Client-server Payload Profiling",{"name":43},{"id":53,"name":54,"tactic":55},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":43},{"id":57,"name":58,"tactic":59},"D3-NTSA","Network Traffic Signature Analysis",{"name":43},{"id":61,"name":62,"tactic":63},"D3-APCA","Application Protocol Command Analysis",{"name":43},{"id":65,"name":66,"tactic":67},"D3-NTCD","Network Traffic Community Deviation",{"name":43},{"id":69,"name":70,"tactic":71},"D3-RTSD","Remote Terminal Session Detection",{"name":43},{"id":73,"name":74,"tactic":75},"D3-ISVA","Inbound Session Volume Analysis",{"name":43},{"id":77,"name":78,"tactic":79},"D3-NTF","Network Traffic Filtering",{"name":80},"Isolate",{"id":82,"name":83,"tactic":84},"D3-ITF","Inbound Traffic Filtering",{"name":80},{"id":86,"name":87,"tactics":88,"countermeasures":90},"T1499","Endpoint Denial of Service",[89],{"id":36,"name":37},[91,93,95,97,99,101,103,105,107,109,111],{"id":40,"name":41,"tactic":92},{"name":43},{"id":45,"name":46,"tactic":94},{"name":43},{"id":49,"name":50,"tactic":96},{"name":43},{"id":53,"name":54,"tactic":98},{"name":43},{"id":57,"name":58,"tactic":100},{"name":43},{"id":61,"name":62,"tactic":102},{"name":43},{"id":65,"name":66,"tactic":104},{"name":43},{"id":69,"name":70,"tactic":106},{"name":43},{"id":73,"name":74,"tactic":108},{"name":43},{"id":77,"name":78,"tactic":110},{"name":80},{"id":82,"name":83,"tactic":112},{"name":80},{"id":114,"name":115,"techniques":116},"CAPEC-130","Excessive Allocation",[117],{"id":118,"name":119,"tactics":120,"countermeasures":122},"T1499.003","Application Exhaustion Flood",[121],{"id":36,"name":37},[],{"id":124,"name":125,"techniques":126},"CAPEC-147","XML Ping of the Death",[],{"id":128,"name":129,"techniques":130},"CAPEC-197","Exponential Data Expansion",[],{"id":132,"name":133,"techniques":134},"CAPEC-229","Serialized Data Parameter Blowup",[],{"id":136,"name":137,"techniques":138},"CAPEC-230","Serialized Data with Nested Payloads",[],{"id":140,"name":141,"techniques":142},"CAPEC-231","Oversized Serialized Data Payloads",[],{"id":144,"name":145,"techniques":146},"CAPEC-469","HTTP DoS",[147],{"id":148,"name":149,"tactics":150,"countermeasures":152},"T1499.002","Service Exhaustion Flood",[151],{"id":36,"name":37},[153,155,157,159,161,163,165,167,169,171,173],{"id":40,"name":41,"tactic":154},{"name":43},{"id":45,"name":46,"tactic":156},{"name":43},{"id":49,"name":50,"tactic":158},{"name":43},{"id":53,"name":54,"tactic":160},{"name":43},{"id":57,"name":58,"tactic":162},{"name":43},{"id":61,"name":62,"tactic":164},{"name":43},{"id":65,"name":66,"tactic":166},{"name":43},{"id":69,"name":70,"tactic":168},{"name":43},{"id":73,"name":74,"tactic":170},{"name":43},{"id":77,"name":78,"tactic":172},{"name":80},{"id":82,"name":83,"tactic":174},{"name":80},{"id":176,"name":177,"techniques":178},"CAPEC-482","TCP Flood",[179,205,211],{"id":32,"name":33,"tactics":180,"countermeasures":182},[181],{"id":36,"name":37},[183,185,187,189,191,193,195,197,199,201,203],{"id":40,"name":41,"tactic":184},{"name":43},{"id":45,"name":46,"tactic":186},{"name":43},{"id":49,"name":50,"tactic":188},{"name":43},{"id":53,"name":54,"tactic":190},{"name":43},{"id":57,"name":58,"tactic":192},{"name":43},{"id":61,"name":62,"tactic":194},{"name":43},{"id":65,"name":66,"tactic":196},{"name":43},{"id":69,"name":70,"tactic":198},{"name":43},{"id":73,"name":74,"tactic":200},{"name":43},{"id":77,"name":78,"tactic":202},{"name":80},{"id":82,"name":83,"tactic":204},{"name":80},{"id":206,"name":207,"tactics":208,"countermeasures":210},"T1499.001","OS Exhaustion Flood",[209],{"id":36,"name":37},[],{"id":148,"name":149,"tactics":212,"countermeasures":214},[213],{"id":36,"name":37},[215,217,219,221,223,225,227,229,231,233,235],{"id":40,"name":41,"tactic":216},{"name":43},{"id":45,"name":46,"tactic":218},{"name":43},{"id":49,"name":50,"tactic":220},{"name":43},{"id":53,"name":54,"tactic":222},{"name":43},{"id":57,"name":58,"tactic":224},{"name":43},{"id":61,"name":62,"tactic":226},{"name":43},{"id":65,"name":66,"tactic":228},{"name":43},{"id":69,"name":70,"tactic":230},{"name":43},{"id":73,"name":74,"tactic":232},{"name":43},{"id":77,"name":78,"tactic":234},{"name":80},{"id":82,"name":83,"tactic":236},{"name":80},{"id":238,"name":239,"techniques":240},"CAPEC-486","UDP Flood",[],{"id":242,"name":243,"techniques":244},"CAPEC-487","ICMP Flood",[],{"id":246,"name":247,"techniques":248},"CAPEC-488","HTTP Flood",[249],{"id":148,"name":149,"tactics":250,"countermeasures":252},[251],{"id":36,"name":37},[253,255,257,259,261,263,265,267,269,271,273],{"id":40,"name":41,"tactic":254},{"name":43},{"id":45,"name":46,"tactic":256},{"name":43},{"id":49,"name":50,"tactic":258},{"name":43},{"id":53,"name":54,"tactic":260},{"name":43},{"id":57,"name":58,"tactic":262},{"name":43},{"id":61,"name":62,"tactic":264},{"name":43},{"id":65,"name":66,"tactic":266},{"name":43},{"id":69,"name":70,"tactic":268},{"name":43},{"id":73,"name":74,"tactic":270},{"name":43},{"id":77,"name":78,"tactic":272},{"name":80},{"id":82,"name":83,"tactic":274},{"name":80},{"id":276,"name":277,"techniques":278},"CAPEC-489","SSL Flood",[279],{"id":148,"name":149,"tactics":280,"countermeasures":282},[281],{"id":36,"name":37},[283,285,287,289,291,293,295,297,299,301,303],{"id":40,"name":41,"tactic":284},{"name":43},{"id":45,"name":46,"tactic":286},{"name":43},{"id":49,"name":50,"tactic":288},{"name":43},{"id":53,"name":54,"tactic":290},{"name":43},{"id":57,"name":58,"tactic":292},{"name":43},{"id":61,"name":62,"tactic":294},{"name":43},{"id":65,"name":66,"tactic":296},{"name":43},{"id":69,"name":70,"tactic":298},{"name":43},{"id":73,"name":74,"tactic":300},{"name":43},{"id":77,"name":78,"tactic":302},{"name":80},{"id":82,"name":83,"tactic":304},{"name":80},{"id":306,"name":307,"techniques":308},"CAPEC-490","Amplification",[309],{"id":310,"name":311,"tactics":312,"countermeasures":314},"T1498.002","Reflection Amplification",[313],{"id":36,"name":37},[315,317,319,321,323,325,327,329,331,333,335],{"id":40,"name":41,"tactic":316},{"name":43},{"id":45,"name":46,"tactic":318},{"name":43},{"id":49,"name":50,"tactic":320},{"name":43},{"id":53,"name":54,"tactic":322},{"name":43},{"id":57,"name":58,"tactic":324},{"name":43},{"id":61,"name":62,"tactic":326},{"name":43},{"id":65,"name":66,"tactic":328},{"name":43},{"id":69,"name":70,"tactic":330},{"name":43},{"id":73,"name":74,"tactic":332},{"name":43},{"id":77,"name":78,"tactic":334},{"name":80},{"id":82,"name":83,"tactic":336},{"name":80},{"id":338,"name":339,"techniques":340},"CAPEC-491","Quadratic Data Expansion",[],{"id":342,"name":343,"techniques":344},"CAPEC-493","SOAP Array Blowup",[],{"id":346,"name":347,"techniques":348},"CAPEC-494","TCP Fragmentation",[],{"id":350,"name":351,"techniques":352},"CAPEC-495","UDP Fragmentation",[],{"id":354,"name":355,"techniques":356},"CAPEC-496","ICMP Fragmentation",[],{"id":358,"name":359,"techniques":360},"CAPEC-528","XML Flood",[361,387],{"id":148,"name":149,"tactics":362,"countermeasures":364},[363],{"id":36,"name":37},[365,367,369,371,373,375,377,379,381,383,385],{"id":40,"name":41,"tactic":366},{"name":43},{"id":45,"name":46,"tactic":368},{"name":43},{"id":49,"name":50,"tactic":370},{"name":43},{"id":53,"name":54,"tactic":372},{"name":43},{"id":57,"name":58,"tactic":374},{"name":43},{"id":61,"name":62,"tactic":376},{"name":43},{"id":65,"name":66,"tactic":378},{"name":43},{"id":69,"name":70,"tactic":380},{"name":43},{"id":73,"name":74,"tactic":382},{"name":43},{"id":77,"name":78,"tactic":384},{"name":80},{"id":82,"name":83,"tactic":386},{"name":80},{"id":32,"name":33,"tactics":388,"countermeasures":390},[389],{"id":36,"name":37},[391,393,395,397,399,401,403,405,407,409,411],{"id":40,"name":41,"tactic":392},{"name":43},{"id":45,"name":46,"tactic":394},{"name":43},{"id":49,"name":50,"tactic":396},{"name":43},{"id":53,"name":54,"tactic":398},{"name":43},{"id":57,"name":58,"tactic":400},{"name":43},{"id":61,"name":62,"tactic":402},{"name":43},{"id":65,"name":66,"tactic":404},{"name":43},{"id":69,"name":70,"tactic":406},{"name":43},{"id":73,"name":74,"tactic":408},{"name":43},{"id":77,"name":78,"tactic":410},{"name":80},{"id":82,"name":83,"tactic":412},{"name":80},[],[415,416],"GHSA-6jp5-grgh-jw42","GO-2026-4422",[],[419],{"_key":420},"SUSE-SU-2026:0403-1",[],[423],{"_key":420},"2023-09-21T13:13:30.579Z","2024-09-24T17:09:26.069Z","Modified",{"cisa_kev":428,"cisa_ransomware":428,"cisa_vendor":9,"epss_severity":429,"epss_score":430,"severity":431,"severity_score":432,"severity_version":433,"severity_source":434,"severity_vector":435,"severity_status":426},false,"low",0.00072,"critical",9.9,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",[437,442,449,453,457,461],{"url":438,"sources":439,"tags":441},"https://asrg.io/security-advisories/cve-2023-43632/",[440,434],"cve.org",[],{"url":443,"sources":444,"tags":446},"https://github.com/lf-edge/eve/security/advisories/GHSA-6jp5-grgh-jw42",[445],"osv_go",[447,448],"WEB","Advisory",{"url":450,"sources":451,"tags":452},"https://nvd.nist.gov/vuln/detail/CVE-2023-43632",[445],[448],{"url":454,"sources":455,"tags":456},"https://asrg.io/security-advisories/cve-2023-43632",[445],[447],{"url":458,"sources":459,"tags":460},"https://asrg.io/security-advisories/freely-allocate-buffer-on-the-stack-with-data-from-socket",[445],[447],{"url":462,"sources":463,"tags":464},"https://github.com/lf-edge/eve",[445],[465],"PACKAGE",[],{"date":468,"score":430,"percentile":469},"2026-06-05",0.22068,[471,475,478,481,484,487,490,493,496,499,501,504,507,510,513,517,520,523,526,529,532,535,538,541,544,547,550,553,556,559,561,564,567,570,573,576,579,582,585,588,591,594,597,600,603,606,609,612,615,617,620,623,626,629,632,635,638,641,644,647,650,653,656,659,662,665,668,671,674,677,680,683,686,688,691,693,696,699,702,705,708,710,713,716,719,722,725,728,731,734],{"date":472,"score":473,"percentile":474},"2025-11-04",0.00084,0.25293,{"date":476,"score":473,"percentile":477},"2025-11-05",0.25274,{"date":479,"score":473,"percentile":480},"2025-11-06",0.25281,{"date":482,"score":473,"percentile":483},"2025-11-07",0.2528,{"date":485,"score":473,"percentile":486},"2025-11-08",0.25282,{"date":488,"score":473,"percentile":489},"2025-11-09",0.25241,{"date":491,"score":473,"percentile":492},"2025-11-10",0.25203,{"date":494,"score":473,"percentile":495},"2025-11-11",0.25206,{"date":497,"score":473,"percentile":498},"2025-11-12",0.25232,{"date":500,"score":473,"percentile":498},"2025-11-13",{"date":502,"score":473,"percentile":503},"2025-11-14",0.25227,{"date":505,"score":473,"percentile":506},"2025-11-15",0.25217,{"date":508,"score":473,"percentile":509},"2025-11-16",0.25169,{"date":511,"score":473,"percentile":512},"2025-11-17",0.25126,{"date":514,"score":515,"percentile":516},"2025-11-18",0.00237,0.43103,{"date":518,"score":515,"percentile":519},"2025-11-19",0.43115,{"date":521,"score":515,"percentile":522},"2025-11-20",0.43125,{"date":524,"score":473,"percentile":525},"2025-11-21",0.25048,{"date":527,"score":473,"percentile":528},"2025-11-22",0.25044,{"date":530,"score":473,"percentile":531},"2025-11-23",0.24993,{"date":533,"score":473,"percentile":534},"2025-11-24",0.24966,{"date":536,"score":473,"percentile":537},"2025-11-25",0.24951,{"date":539,"score":473,"percentile":540},"2025-11-26",0.24939,{"date":542,"score":473,"percentile":543},"2025-11-27",0.24937,{"date":545,"score":473,"percentile":546},"2025-11-28",0.24911,{"date":548,"score":473,"percentile":549},"2025-11-29",0.24902,{"date":551,"score":473,"percentile":552},"2025-11-30",0.24876,{"date":554,"score":473,"percentile":555},"2025-12-01",0.24916,{"date":557,"score":473,"percentile":558},"2025-12-02",0.24941,{"date":560,"score":473,"percentile":537},"2025-12-03",{"date":562,"score":473,"percentile":563},"2025-12-04",0.24882,{"date":565,"score":473,"percentile":566},"2025-12-05",0.24934,{"date":568,"score":473,"percentile":569},"2025-12-06",0.24933,{"date":571,"score":473,"percentile":572},"2025-12-07",0.24901,{"date":574,"score":473,"percentile":575},"2025-12-08",0.24908,{"date":577,"score":473,"percentile":578},"2025-12-09",0.24962,{"date":580,"score":473,"percentile":581},"2025-12-10",0.2503,{"date":583,"score":473,"percentile":584},"2025-12-11",0.25042,{"date":586,"score":473,"percentile":587},"2025-12-12",0.25057,{"date":589,"score":473,"percentile":590},"2025-12-13",0.25059,{"date":592,"score":473,"percentile":593},"2025-12-14",0.25033,{"date":595,"score":473,"percentile":596},"2025-12-15",0.25006,{"date":598,"score":473,"percentile":599},"2025-12-16",0.25024,{"date":601,"score":473,"percentile":602},"2025-12-17",0.25099,{"date":604,"score":473,"percentile":605},"2025-12-18",0.25158,{"date":607,"score":473,"percentile":608},"2025-12-19",0.25174,{"date":610,"score":473,"percentile":611},"2025-12-20",0.25143,{"date":613,"score":473,"percentile":614},"2025-12-21",0.25092,{"date":616,"score":473,"percentile":525},"2025-12-22",{"date":618,"score":473,"percentile":619},"2025-12-23",0.25023,{"date":621,"score":473,"percentile":622},"2025-12-24",0.25032,{"date":624,"score":473,"percentile":625},"2025-12-25",0.25108,{"date":627,"score":473,"percentile":628},"2025-12-26",0.25096,{"date":630,"score":473,"percentile":631},"2025-12-27",0.25093,{"date":633,"score":473,"percentile":634},"2025-12-28",0.24963,{"date":636,"score":473,"percentile":637},"2025-12-29",0.24931,{"date":639,"score":473,"percentile":640},"2025-12-30",0.24927,{"date":642,"score":473,"percentile":643},"2025-12-31",0.24988,{"date":645,"score":473,"percentile":646},"2026-01-01",0.25087,{"date":648,"score":473,"percentile":649},"2026-01-02",0.2508,{"date":651,"score":473,"percentile":652},"2026-01-03",0.25062,{"date":654,"score":473,"percentile":655},"2026-01-04",0.24965,{"date":657,"score":473,"percentile":658},"2026-01-05",0.24944,{"date":660,"score":473,"percentile":661},"2026-01-06",0.24952,{"date":663,"score":473,"percentile":664},"2026-01-07",0.2498,{"date":666,"score":473,"percentile":667},"2026-01-08",0.25026,{"date":669,"score":473,"percentile":670},"2026-01-09",0.25002,{"date":672,"score":473,"percentile":673},"2026-01-10",0.24973,{"date":675,"score":473,"percentile":676},"2026-01-11",0.2495,{"date":678,"score":473,"percentile":679},"2026-01-12",0.24913,{"date":681,"score":473,"percentile":682},"2026-01-13",0.24889,{"date":684,"score":473,"percentile":685},"2026-01-14",0.24946,{"date":687,"score":473,"percentile":543},"2026-01-15",{"date":689,"score":473,"percentile":690},"2026-01-16",0.24968,{"date":692,"score":473,"percentile":673},"2026-01-17",{"date":694,"score":473,"percentile":695},"2026-01-18",0.24949,{"date":697,"score":473,"percentile":698},"2026-01-19",0.24904,{"date":700,"score":473,"percentile":701},"2026-01-20",0.24887,{"date":703,"score":473,"percentile":704},"2026-01-21",0.24842,{"date":706,"score":473,"percentile":707},"2026-01-22",0.24829,{"date":709,"score":473,"percentile":679},"2026-01-23",{"date":711,"score":473,"percentile":712},"2026-01-24",0.24919,{"date":714,"score":473,"percentile":715},"2026-01-25",0.24834,{"date":717,"score":473,"percentile":718},"2026-01-26",0.24741,{"date":720,"score":473,"percentile":721},"2026-01-27",0.24728,{"date":723,"score":473,"percentile":724},"2026-01-28",0.24725,{"date":726,"score":473,"percentile":727},"2026-01-29",0.24688,{"date":729,"score":473,"percentile":730},"2026-01-30",0.24673,{"date":732,"score":473,"percentile":733},"2026-01-31",0.24667,{"date":735,"score":473,"percentile":736},"2026-02-01",0.24716,[738,745,748],{"source":440,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":739,"cvss_v4_0":9},{"baseScore":740,"baseSeverity":741,"vectorString":742,"impactScore":743,"exploitabilityScore":744},9,"CRITICAL","CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",10,5.9,{"source":434,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":746,"cvss_v4_0":9},{"baseScore":432,"baseSeverity":741,"vectorString":435,"impactScore":743,"exploitabilityScore":747},7.9,{"source":445,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":749,"cvss_v4_0":9},{"baseScore":750,"baseSeverity":9,"vectorString":751,"impactScore":752,"exploitabilityScore":753},6.5,"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",6.7,5.1,[755,768,779],{"ecosystem":756,"name":757,"vendor":758,"product":759,"cpe_part":9,"purl_type":760,"purl_namespace":758,"purl_name":759,"source":9,"versions":761},"Go","github.com/lf-edge/eve","github.com/lf-edge","eve","golang",[762],{"version":763,"is_range":764,"range_type":765,"version_start":9,"version_start_type":9,"version_end":766,"version_end_type":767,"fixed_in":9},"lt0_0_0_20230519072751_977f42b07fa9",true,"semver","0.0.0-20230519072751-977f42b07fa9","excluding",{"ecosystem":9,"name":769,"vendor":770,"product":771,"cpe_part":772,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":773},"EVE OS","lf-edge, zededa","eve os","a",[774],{"version":775,"is_range":764,"range_type":440,"version_start":776,"version_start_type":777,"version_end":778,"version_end_type":767,"fixed_in":9},">= 3.0.0, \u003C 9.5.0","3.0.0","including","9.5.0",{"ecosystem":9,"name":780,"vendor":781,"product":782,"cpe_part":783,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":784},"edge virtualization engine","linuxfoundation","edge_virtualization_engine","o",[785],{"version":786,"is_range":764,"range_type":787,"version_start":776,"version_start_type":777,"version_end":778,"version_end_type":767,"fixed_in":9},"gte3.0.0_lt9.5.0","cpe"]