Stack Buffer Overflow in Das U-Boot Affects Multiple Versions
CVE-2019-13106

7.8HIGH

Key Information:

Vendor

Denx

Status
U-boot
Vendor
CVE Published:
6 August 2019

What is CVE-2019-13106?

A stack buffer overflow vulnerability exists in Das U-Boot due to improper handling of memory when processing specially crafted ext4 filesystems. Attackers can exploit this flaw by feeding malicious data to the affected version of the software, potentially leading to unexpected behavior and enabling remote code execution.

References

https://github.com/u-boot/u-boot/commits/master
x_refsource_MISC
https://lists.denx.de/pipermail/u-boot/2019-July/375516.html
x_refsource_MISC
https://gist.github.com/deephooloovoo/d91b81a1674b4750e66...
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.