What is CVE-2023-32690?

CVE-2023-32690 is a medium-severity vulnerability in Dmtf Libspdm, classified under Improper Input Validation. CVSS score: 5.7/10. Published 2023-06-01.

How severe is CVE-2023-32690?

Medium severity. CVSS v3 base score is 5.7 out of 10.

Improper input validation in Dmtf Libspdm

CVE-2023-32690

libspdm is a sample implementation that follows the DMTF SPDM specifications. Prior to versions 2.3.3 and 3.0, following a successful CAPABILITIES response, a libspdm Requester stores the Responder's CTExponent into its context without val…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.006 (71.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.7 (Medium). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H.

Affected products

Dmtf Libspdm — versions < 2.3.3

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

https://github.com/DMTF/libspdm/security/advisories/GHSA-56h8-4gv5-jf2c (x_refsource_CONFIRM)
https://github.com/DMTF/libspdm/issues/2068 (x_refsource_MISC)
https://github.com/DMTF/libspdm/pull/2069 (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-32690?: CVE-2023-32690 is a medium-severity vulnerability in Dmtf Libspdm, classified under Improper Input Validation. CVSS score: 5.7/10. Published 2023-06-01.
How severe is CVE-2023-32690?: Medium severity. CVSS v3 base score is 5.7 out of 10.