CVE-2022-30767
Description
nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.15
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| A boot loader for embedded systems (USN-5764-1) u-boot-qemu_2022.01+dfsg-2ubuntu2.3_all.deb | Linux |
| A boot loader for embedded systems (USN-5764-1) u-boot-qemu_2022.07+dfsg-1ubuntu4.2_all.deb | Linux |
| A boot loader for embedded systems (USN-5764-1) u-boot-qemu_2020.10+dfsg-1ubuntu0~18.04.3_all.deb | Linux |
| A boot loader for embedded systems (USN-5764-1) u-boot-qemu_2021.01+dfsg-3ubuntu0~20.04.5_all.deb | Linux |
| A boot loader for embedded systems (USN-5764-1) u-boot-tools_2022.01+dfsg-2ubuntu2.3_amd64.deb | Linux |
| A boot loader for embedded systems (USN-5764-1) u-boot-tools_2022.07+dfsg-1ubuntu4.2_amd64.deb | Linux |
| A boot loader for embedded systems (USN-5764-1) u-boot-tools_2020.10+dfsg-1ubuntu0~18.04.3_i386.deb | Linux |
| A boot loader for embedded systems (USN-5764-1) u-boot-tools_2020.10+dfsg-1ubuntu0~18.04.3_amd64.deb | Linux |
| A boot loader for embedded systems (USN-5764-1) u-boot-tools_2021.01+dfsg-3ubuntu0~20.04.5_amd64.deb | Linux |
| A boot loader for embedded systems (USN-5764-1) u-boot-qemu_2022.07+dfsg-1ubuntu4.2_all.deb | Linux |
| A boot loader for embedded systems (USN-5764-1) u-boot-tools_2022.07+dfsg-1ubuntu4.2_amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234