Heap Memory Corruption in Das U-Boot Affected by Off-by-One Error
CVE-2024-57259

7.1 HIGH

Key Information:

Vendor: Denx

Status
Vendor
CVE Published: 18 February 2025

What is CVE-2024-57259?

Das U-Boot before version 2025.01-rc1 contains an off-by-one error in the sqfs_search_dir function. Because the path separator is not taken into account in a size calculation, listing a squashfs directory can corrupt heap memory. This oversight may allow unauthorized access and exploitation on affected systems.
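The sizing mistake described above, as an added example in C. This is a simplified model, not U-Boot's code: the function names and the two-component path are assumptions, and the flawed function only computes a size so that nothing is ever written out of bounds.

```c
#include <stdio.h>
#include <string.h>

/* Flawed sizing: component lengths plus the NUL, separators not counted. */
size_t path_size_flawed(const char *const *tok, size_t n)
{
    size_t len = 1; /* terminating NUL */
    for (size_t i = 0; i < n; i++)
        len += strlen(tok[i]);
    return len;
}

/* Corrected sizing: one extra byte for each '/' between components. */
size_t path_size_fixed(const char *const *tok, size_t n)
{
    size_t len = 1; /* terminating NUL */
    for (size_t i = 0; i < n; i++)
        len += strlen(tok[i]) + (i + 1 < n ? 1 : 0);
    return len;
}

/* Bounds-checked join. Returns the bytes used including the NUL, or 0 if
 * the buffer of 'cap' bytes is too small. Never writes past dst[cap - 1]. */
size_t join_checked(char *dst, size_t cap, const char *const *tok, size_t n)
{
    size_t pos = 0;
    for (size_t i = 0; i < n; i++) {
        size_t l = strlen(tok[i]);
        size_t need = l + (i + 1 < n ? 1 : 0);
        if (cap - pos <= need) /* must leave room for the NUL */
            return 0;
        memcpy(dst + pos, tok[i], l);
        pos += l;
        if (i + 1 < n)
            dst[pos++] = '/';
    }
    dst[pos] = '\0';
    return pos + 1;
}

int main(void)
{
    const char *tok[] = { "boot", "uImage" }; /* constructed sample path */
    char buf[32];
    printf("flawed=%zu fixed=%zu\n", path_size_flawed(tok, 2), path_size_fixed(tok, 2));
    printf("join into flawed size: %zu\n", join_checked(buf, path_size_flawed(tok, 2), tok, 2));
    printf("join into fixed size:  %zu\n", join_checked(buf, path_size_fixed(tok, 2), tok, 2));
    return 0;
}
```

With one separator the flawed size is exactly one byte short, so an unchecked copy into a heap buffer of that size would write one byte past its end; the checked join refuses instead.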

Affected Version(s)

U-Boot 0 < 2025.01-rc1

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Physical
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published