imgtool@1.7.0rc2 vulnerabilities

MCUboot's image signing and key management

Direct Vulnerabilities

Known vulnerabilities in the imgtool package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Improper Validation of Integrity Check Value

imgtool is a MCUboot's image signing and key management

Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value in image_validate.c, when boot record functionality is enabled. An attacker can inject dependencies or boot record fields into a TLV entry which should be treated as protected. This allows the rejection of valid images and addition of fabricated properties to an image.

How to fix Improper Validation of Integrity Check Value?

There is no fixed version for imgtool.

[,2.1.0rc1)