What the vulnerability does

01Description

In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs.

Key dates

02Disclosure timeline

September 21, 2022 CVE published
May 27, 2025 Record updated