CVE-2019-0160

Опубликовано: 26 фев. 2019

Источник: redhat

CVSS3: 5.9

EPSS Низкий

Описание

Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.

Buffer overflows were discovered in UDF-related codes under MdeModulePkg\Universal\Disk\PartitionDxe\Udf.c and MdeModulePkg\Universal\Disk\UdfDxe, which could be triggered with long file names or invalid formatted UDF media.

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-122

Дефект:

CWE-121

https://bugzilla.redhat.com/show_bug.cgi?id=1691640edk2: Buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media

EPSS

Процентиль: 74%

0.00868

Низкий

5.9 Medium

CVSS3

Связанные уязвимости

CVE-2019-0160

CVSS3: 9.8

ubuntu

около 6 лет назад

Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.

CVE-2019-0160

CVSS3: 9.8

nvd

около 6 лет назад

Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.

CVE-2019-0160

CVSS3: 9.8

debian

около 6 лет назад

Buffer overflow in system firmware for EDK II may allow unauthenticate ...

GHSA-w3xf-7pcp-xvwv

CVSS3: 9.8

github

около 3 лет назад

Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.

openSUSE-SU-2019:1172-1

suse-cvrf

около 6 лет назад

Security update for ovmf

EPSS

Процентиль: 74%

0.00868

Низкий

5.9 Medium

CVSS3