Описание
[REJECTED CVE] A vulnerability exists in EDK-2 within BaseUefiDecompressLib.c (MdePkg/Library/BaseUefiDecompressLib). An authenticated attacker could exploit this vulnerability by supplying a crafted file, potentially leading to privilege escalation.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 8 | edk2 | Not affected | ||
| Red Hat Enterprise Linux 7 | ovmf | Fixed | RHSA-2019:2125 | 06.08.2019 |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-287
https://bugzilla.redhat.com/show_bug.cgi?id=1641446edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c
6.7 Medium
CVSS3
Связанные уязвимости
ubuntu
больше 5 лет назад
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
nvd
больше 5 лет назад
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none
6.7 Medium
CVSS3