Headline
CVE-2022-23951: Keylime: Quote responses subject to Zip bomb attacks
In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs.
Impact
Quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs.
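The defensive pattern for this class of issue, as an added example (not Keylime's code and not the 6.3.0 fix): a receiver that inflates sender-controlled compressed data caps the output size instead of trusting the sender. The zlib stream format, the 1 MiB cap, the sample payloads and all function names are assumptions made for this illustration.

```python
import zlib

MAX_OUTPUT = 1024 * 1024   # assumed cap on inflated size (1 MiB), not a Keylime value
CHUNK = 64 * 1024          # inflate in small steps so the cap is checked as we go


class DecompressionLimitExceeded(ValueError):
    """The payload would inflate past the allowed size."""


def unbounded_decompress(data: bytes) -> bytes:
    # Risky pattern: the output size is chosen entirely by the sender.
    return zlib.decompress(data)


def bounded_decompress(data: bytes, limit: int = MAX_OUTPUT) -> bytes:
    """Inflate a zlib stream, refusing to produce more than `limit` bytes."""
    d = zlib.decompressobj()
    out = bytearray()
    buf = data
    while not d.eof:
        # max_length must stay >= 1 (0 means "no limit"); limit + 1 total
        # bytes is enough to detect an overrun without inflating the rest.
        chunk = d.decompress(buf, min(CHUNK, limit - len(out) + 1))
        out += chunk
        if len(out) > limit:
            raise DecompressionLimitExceeded(f"output exceeds {limit} bytes")
        buf = d.unconsumed_tail
        if not d.eof and not chunk and not buf:
            raise ValueError("truncated zlib stream")
    if d.unused_data:
        raise ValueError("trailing data after zlib stream")
    return bytes(out)


def demo() -> dict:
    # Constructed samples: a small payload and a highly compressible one.
    small = zlib.compress(b"quote-data " * 100)
    large = zlib.compress(b"\0" * (8 * MAX_OUTPUT))
    result = {"small_len": len(bounded_decompress(small)),
              "large_wire_len": len(large), "large_rejected": False}
    try:
        bounded_decompress(large)
    except DecompressionLimitExceeded:
        result["large_rejected"] = True
    return result


if __name__ == "__main__":
    print(demo())
```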
Patches
Users should upgrade to at least 6.3.x.
Workarounds
None
Credit
Many thanks to Matthias Gerstner for finding this issue and to Thore Sommer for the fix.
For more information
If you have any questions or comments about this advisory:
- Email us at [email protected]
- Ask on the #keylime channel on the CNCF Slack