Buffer Overflow Vulnerability in EDK II Firmware by TianoCore
CVE-2019-0160

8.7 HIGH

What is CVE-2019-0160?

A buffer overflow in the EDK II system firmware may allow an unauthenticated user with network access to escalate privileges or cause a denial of service, jeopardizing system integrity and availability. Organizations using EDK II firmware should be aware of this issue and implement the necessary security measures to mitigate potential risks.

Affected Version(s)

Extensible Firmware Interface Development Kit (EDK II)

References

CVSS V3.1

Score: 8.7
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
