CVE-2017-5731: Improper Restriction of Operations within the Bounds of a Memory Buffer in Edk2

Severity
7.8 HIGH (NVD)
EPSS
0.1%
top 69.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Oct 28
Latest update: Jul 29

Description

Bounds checking in Tianocompress before November 7, 2017 may allow an authenticated user to potentially enable an escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (2 packages)

NVD: tianocore/edk2 < 2017-11-07
Ubuntu: tianocore/edk2 < 0~20160408.ffea0a2c-2ubuntu0.2+esm1+1

Patches

🔴 Vulnerability Details (3)

OSV: edk2 vulnerabilities (2024-07-29)
CVEList: CVE-2017-5731: Bounds checking in Tianocompress before November 7, 2017 may allow an authenticated user to potentially enable an escalation of privilege via local ac (2019-10-28)
OSV: CVE-2017-5731: Bounds checking in Tianocompress before November 7, 2017 may allow an authenticated user to potentially enable an escalation of privilege via local ac (2019-10-28)

📋 Vendor Advisories (3)

Ubuntu: EDK II vulnerabilities (2024-07-29)
Red Hat: edk2: Privilege escalation via processing of malformed files in TianoCompress.c (2018-10-16)
Apple: CVE-2017-5731: macOS Mojave 10.14 (2018-09-24)

💬 Community (3)

Bugzilla: CVE-2017-5731 edk2: Privilege escalation via processing of malformed files in TianoCompress.c [fedora-all] (2018-10-22)
Bugzilla: CVE-2017-5731 edk2: Privilege escalation via processing of malformed files in TianoCompress.c [epel-all] (2018-10-22)
Bugzilla: CVE-2017-5731 edk2: Privilege escalation via processing of malformed files in TianoCompress.c (2018-10-22)