CVE-2019-13104

Опубликовано: 06 авг. 2019

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00002.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00004.html
Mailing List
Third Party Advisory
https://gist.github.com/deephooloovoo/d91b81a1674b4750e662dfae93804d75
Third Party Advisory
https://github.com/u-boot/u-boot/commits/master
Patch
Third Party Advisory
https://lists.denx.de/pipermail/u-boot/2019-July/375514.html
Mailing List
Patch
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00002.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00004.html
Mailing List
Third Party Advisory
https://gist.github.com/deephooloovoo/d91b81a1674b4750e662dfae93804d75
Third Party Advisory
https://github.com/u-boot/u-boot/commits/master
Patch
Third Party Advisory
https://lists.denx.de/pipermail/u-boot/2019-July/375514.html
Mailing List
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:denx:u-boot:*:*:*:*:*:*:*:*

Версия от 2016.09 (включая) до 2019.04 (включая)

cpe:2.3:a:denx:u-boot:2019.07:-:*:*:*:*:*:*

cpe:2.3:a:denx:u-boot:2019.07:rc1:*:*:*:*:*:*

cpe:2.3:a:denx:u-boot:2019.07:rc2:*:*:*:*:*:*

cpe:2.3:a:denx:u-boot:2019.07:rc3:*:*:*:*:*:*

cpe:2.3:a:denx:u-boot:2019.07:rc4:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

EPSS

Процентиль: 52%

0.0029

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-191

Связанные уязвимости

CVE-2019-13104

CVSS3: 7.8

ubuntu

больше 6 лет назад

In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem.

CVE-2019-13104

CVSS3: 7.8

debian

больше 6 лет назад

In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow c ...

GHSA-rf5j-jvr6-2g8r

CVSS3: 7.8

github

больше 3 лет назад

In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem.

BDU:2025-13582

CVSS3: 7.8

fstec

больше 6 лет назад

Уязвимость функции memcpy() загрузчика U-Boot, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

openSUSE-SU-2019:2235-1

suse-cvrf

больше 6 лет назад

Security update for u-boot

EPSS

Процентиль: 52%

0.0029

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-191