CVE-2021-38575

Опубликовано: 01 дек. 2021

Источник: nvd

CVSS3: 8.1

CVSS2: 6.8

EPSS Низкий

Описание

NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.

Ссылки

https://bugzilla.tianocore.org/show_bug.cgi?id=3356
Exploit
Issue Tracking
Vendor Advisory
https://www.insyde.com/security-pledge/SA-2023025
Third Party Advisory
https://bugzilla.tianocore.org/show_bug.cgi?id=3356
Exploit
Issue Tracking
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2025/06/msg00007.html
https://www.insyde.com/security-pledge/SA-2023025
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*

Версия до 202105 (включая)

Конфигурация 2

Одно из

cpe:2.3:o:insyde:kernel:5.0:*:*:*:*:*:*:*

cpe:2.3:o:insyde:kernel:5.1:*:*:*:*:*:*:*

cpe:2.3:o:insyde:kernel:5.2:*:*:*:*:*:*:*

cpe:2.3:o:insyde:kernel:5.3:*:*:*:*:*:*:*

cpe:2.3:o:insyde:kernel:5.4:*:*:*:*:*:*:*

cpe:2.3:o:insyde:kernel:5.5:*:*:*:*:*:*:*

EPSS

Процентиль: 70%

0.0064

Низкий

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-124

CWE-119

Связанные уязвимости

CVE-2021-38575

CVSS3: 8.1

ubuntu

около 4 лет назад

NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.

CVE-2021-38575

CVSS3: 8.1

redhat

больше 4 лет назад

NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.

CVE-2021-38575

CVSS3: 8.1

debian

около 4 лет назад

NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.

RLSA-2021:3066

rocky

больше 4 лет назад

Important: edk2 security update

GHSA-7cjm-mv56-4mg4

CVSS3: 8.1

github

около 4 лет назад

NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.

EPSS

Процентиль: 70%

0.0064

Низкий

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-124

CWE-119