Описание
Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network.
A missing check leads to an out-of-bounds read and write flaw in NetworkPkg/DnsDxe as shipped in edk2, when it parses DNS responses. A remote attacker who controls the DNS server used by the vulnerable firmware may use this flaw to make the system crash.
Отчет
This issue did not affect the versions of OVMF as shipped with Red Hat Enterprise Linux 7 as they were not compiled with HTTP_BOOT_ENABLE set, thus they do not contain the vulnerable code.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | OVMF | Not affected | ||
| Red Hat Enterprise Linux 8 | edk2 | Not affected | ||
| Red Hat Virtualization 4 | redhat-virtualization-host | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
7.2 High
CVSS3
Связанные уязвимости
Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network.
Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network.
Buffer overflow in network stack for EDK II may allow unprivileged use ...
Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network.
Уязвимость библиотеки Tianocore edk2, вызванная недостаточной проверкой вводимых пользователем данных, позволяющая нарушителю повысить свои привилегии или вызвать отказ в обслуживании
EPSS
7.2 High
CVSS3