GHSA-9JXQ-5X44-GX23

Vulnerability from github – Published: 2025-02-14 18:03 – Updated: 2025-03-15 20:47
Summary
Keylime registrar is vulnerable to Denial-of-Service attack when updated to version 7.12.0
Details

Impact

The Keylime registrar implemented stricter type checking in version 7.12.0. As a result, after an update to version 7.12.0 the registrar no longer accepts the format of the data previously stored in the database by versions >= 7.8.0 and raises an exception.

This makes the Keylime registrar vulnerable to a Denial-of-Service attack in an update scenario: an attacker could populate the registrar database by creating multiple valid agent registrations with different UUIDs while the version is still < 7.12.0. Then, when the Keylime registrar is updated to version 7.12.0, any query to the database matching any of the entries populated by the attacker will fail.

Patches

Users should upgrade to versions >= 7.12.1.

Workarounds

  • Remove the registrar database and re-register all agents

Credit

Reported by: Anderson Toshiyuki Sasaki/@ansasaki
Patched by: Anderson Toshiyuki Sasaki/@ansasaki


{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "keylime"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.12.0"
            },
            {
              "fixed": "7.12.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "7.12.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2025-1057"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1287",
      "CWE-704"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-02-14T18:03:14Z",
    "nvd_published_at": "2025-03-15T09:15:10Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nThe Keylime `registrar` implemented more strict type checking on version 7.12.0. As a result, when updated to version 7.12.0, the `registrar` will not accept the format of the data previously stored in the database by versions  \u003e= 7.8.0, raising an exception.\n\nThis makes the Keylime `registrar` vulnerable to a Denial-of-Service attack in an update scenario, as an attacker could populate the `registrar` database by creating multiple valid agent registrations with different UUIDs while the version is still \u003c 7.12.0. Then, when the Keylime `registrar` is updated to the 7.12.0 version, any query to the database matching any of the entries populated by the attacker will result in failure.\n\n### Patches\nUsers should upgrade to versions \u003e= 7.12.1\n\n### Workarounds\n- Remove the registrar database and re-register all agents\n\n### Credit\n\nReported by: Anderson Toshiyuki Sasaki/@ansasaki\nPatched by: Anderson Toshiyuki Sasaki/@ansasaki",
  "id": "GHSA-9jxq-5x44-gx23",
  "modified": "2025-03-15T20:47:38Z",
  "published": "2025-02-14T18:03:14Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/keylime/keylime/security/advisories/GHSA-9jxq-5x44-gx23"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1057"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keylime/keylime/commit/e08b10d86c3717006774e787542c190e2ba24fc7"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2025-1057"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343894"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/keylime/keylime"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Keylime registrar is vulnerable to Denial-of-Service attack when updated to version 7.12.0"
}

