—

GO-2026-5298

Go-Attestation: Hash injection into trusted measurement list via unskipped SignatureHeaderSize vendor bytes in parseEfiSignatureList() in github.com/google/go-attestation

상세

Go-Attestation: Hash injection into trusted measurement list via unskipped SignatureHeaderSize vendor bytes in parseEfiSignatureList() in github.com/google/go-attestation

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

Go / github.com/google/go-attestation

최초 영향 버전: 0

No fixed version published yet for github.com/google/go-attestation (go modules). Pin to a known-safe version or switch to an alternative.

참고

https://github.com/google/go-attestation/security/advisories/GHSA-9r4w-jg96-92mv [ADVISORY]
https://github.com/google/go-attestation/commit/b6e905e7ae52937f02b5ca494dd1c6a3ac7a1003 [FIX]
https://github.com/google/go-attestation/pull/502 [FIX]
https://github.com/google/go-attestation/releases/tag/v0.6.0 [WEB]