| |
Vulnerability CVE-2021-34394
Published: 2021-06-22 Modified: 2021-06-23
| Description: |
Trusty contains a vulnerability in all TAs whose deserializer does not reject messages with multiple occurrences of the same parameter. The deserialization of untrusted data might allow an attacker to exploit the deserializer to impact code execution. |
Type:
CWE-502 (Deserialization of Untrusted Data)
CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:P)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
4.6/10 |
6.4/10 |
3.9/10 |
| Exploit range |
Attack complexity |
Authentication |
Local |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
Partial |
References: |
https://nvidia.custhelp.com/app/answers/detail/a_id/5205
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
