CVE-2017-5733Out-of-bounds Write in Apple Macos Mojave

CWE-787Out-of-bounds WriteCWE-287Improper Authentication7 documents4 sources
Severity
7.8HIGHGHSA
No vector
EPSS
No EPSS data
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple Macos Mojave
Timeline
PublishedApr 16

Description

UEFI Firmware Parser has a heap out-of-bounds write in tiano decompressor ReadCLen `uefi-firmware` contains a heap out-of-bounds write vulnerability in the native tiano/EFI decompressor. in `uefi_firmware/compression/Tiano/Decompress.c`, `ReadCLen()` reads `Number = GetBits(Sd, CBIT)` with `CBIT = 9`, so `Number` can be as large as `511`, while the destination array `Sd->mCLen` has `NC = 510` elements. the loop writes while `Index mCLen[Index++] = 0`. Reachability is through the normal parsing

Affected Packages1 packages

Appleapple/macos_mojave10.14

🔴Vulnerability Details

2
GHSA
UEFI Firmware Parser has a heap out-of-bounds write in tiano decompressor ReadCLen2026-04-16
GHSA
UEFI Firmware Parser has a stack out-of-bounds write in tiano decompressor MakeTable2026-04-16

📋Vendor Advisories

2
Red Hat
edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function2018-10-16
Apple
CVE-2017-5733: macOS Mojave 10.142018-09-24

💬Community

3
Bugzilla
CVE-2017-5733 edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function2018-10-22
Bugzilla
CVE-2017-5733 edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function [fedora-all]2018-10-22
Bugzilla
CVE-2017-5733 edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function [epel-all]2018-10-22