Uncaught Exception

CVE-2022-3500

Medium

5.1/10

Summary

A vulnerability was found in keylime prior to 6.5.1. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host leaving it in an attested state but not verifying that anymore.

Attack Complexity: HIGH
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-248 - Uncaught Exception

An exception is thrown from a function, but it is not caught.

References

Advisory
Pull request
Issue

Advisory Timeline

Published Nov 22, 2022

Uncaught Exception

CVE-2022-3500

Summary

CWE-248 - Uncaught Exception

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS