Go Attestation Google Go Attestation

Do you want an email whenever new security vulnerabilities are reported in Google Go Attestation?

By the Year

In 2023 there have been 0 vulnerabilities in Google Go Attestation . Last year Go Attestation had 1 security vulnerability published. Right now, Go Attestation is on track to have less security vulnerabilities in 2023 than it did last year.

Year Vulnerabilities Average Score
2023 0 0.00
2022 1 3.30
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Go Attestation vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Google Go Attestation Security Vulnerabilities

An improper input validation vulnerability in go-attestation before 0.3.3

CVE-2022-0317 3.3 - Low - February 04, 2022

An improper input validation vulnerability in go-attestation before 0.3.3 allows local users to provide a maliciously-formed Quote over no/some PCRs, causing AKPublic.Verify to succeed despite the inconsistency. Subsequent use of the same set of PCR values in Eventlog.Verify lacks the authentication performed by quote verification, meaning a local attacker could couple this vulnerability with a maliciously-crafted TCG log in Eventlog.Verify to spoof events in the TCG log, hence defeating remotely-attested measured-boot. We recommend upgrading to Version 0.4.0 or above.

Improper Input Validation

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Google Go Attestation or by Google? Click the Watch button to subscribe.