Описание
[REJECTED CVE] A heap-based buffer overflow vulnerability exists in EDK II within the MakeTable() function of BaseUefiDecompressLib.c, TianoCompress.c, and the UEFI specification. An authenticated attacker could exploit this flaw by supplying a crafted file, potentially leading to privilege escalation.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 8 | edk2 | Not affected | ||
| Red Hat Enterprise Linux 7 | ovmf | Fixed | RHSA-2019:2125 | 06.08.2019 |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-287
https://bugzilla.redhat.com/show_bug.cgi?id=1641450edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function
6.7 Medium
CVSS3
Связанные уязвимости
ubuntu
больше 5 лет назад
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
nvd
больше 5 лет назад
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none
6.7 Medium
CVSS3