Stack-based Buffer Overflow in Das U-Boot Product by DENX
CVE-2022-34835

9.8CRITICAL

Key Information:

Vendor: Denx
Status: U-boot
Vendor: CVE Published:; 30 June 2022

🔔 Create Denx Vulnerability Alert

What is CVE-2022-34835?

In Das U-Boot versions up to 2022.07-rc5, a signed integer error in the 'i2c md' command can lead to a stack-based buffer overflow, which compromises the return address pointer of the do_i2c_md function, potentially allowing execution of arbitrary code.

References

https://lists.denx.de/pipermail/u-boot/2022-June/486113.html

x_refsource_MISC

https://github.com/u-boot/u-boot/commit/8f8c04bf1ebbd2f72...

x_refsource_MISC

https://source.denx.de/u-boot/u-boot/-/commit/8f8c04bf1eb...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 30, 2022
Vulnerability Reserved
Jun 29, 2022

CVE-2022-34835 Data

.