Out-of-Bounds Data Read Vulnerability in Das U-Boot
CVE-2019-14197

9.1CRITICAL

Key Information:

Vendor

Denx

Status
U-boot
Vendor
CVE Published:
31 July 2019

What is CVE-2019-14197?

An identified issue within Das U-Boot versions up to 2019.07 allows for a read of out-of-bounds data during NFS operations. This vulnerability could lead to unintended data exposure, compromising the integrity and confidentiality of system information. It is crucial for users and administrators of affected devices to apply necessary patches or updates to mitigate potential security risks.

References

https://gitlab.com/u-boot/u-boot
x_refsource_MISC
https://blog.semmle.com/uboot-rce-nfs-vulnerability/
x_refsource_MISC

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.