Description
[REJECTED CVE] A heap-based buffer overflow issue was identified in EDK2 in the Decode() function of BaseUefiDecompressLib.c, TianoCompress.c and UEFI Specification. The issue arises from improper handling of data, which could allow an authenticated attacker to exploit it by supplying a crafted file. This could lead to privilege escalation.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 8 | edk2 | Not affected | | |
Red Hat Enterprise Linux 7 | ovmf | Fixed | RHSA-2019:2125 | 06.08.2019 |
Additional information
Status:
Moderate
Defect:
CWE-287
https://bugzilla.redhat.com/show_bug.cgi?id=1641465
edk2: Privilege escalation via heap-based buffer overflow in Decode() function
6.7 Medium
CVSS3
Related vulnerabilities
ubuntu
more than 5 years ago
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
nvd
more than 5 years ago
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none
6.7 Medium
CVSS3