CVE-2017-5734 — Out-of-bounds Write in Apple Macos Mojave

CWE-787 — Out-of-bounds Write CWE-287 — Improper Authentication7 documents4 sources

Severity

7.8HIGHGHSA

No vector

EPSS

No EPSS data

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Macos Mojave

Timeline

PublishedApr 16

Description

UEFI Firmware Parser has a heap out-of-bounds write in tiano decompressor ReadCLen `uefi-firmware` contains a heap out-of-bounds write vulnerability in the native tiano/EFI decompressor. in `uefi_firmware/compression/Tiano/Decompress.c`, `ReadCLen()` reads `Number = GetBits(Sd, CBIT)` with `CBIT = 9`, so `Number` can be as large as `511`, while the destination array `Sd->mCLen` has `NC = 510` elements. the loop writes while `Index mCLen[Index++] = 0`. Reachability is through the normal parsing…

Affected Packages1 packages

▶Appleapple/macos_mojave10.14

🔴Vulnerability Details

GHSA

UEFI Firmware Parser has a heap out-of-bounds write in tiano decompressor ReadCLen↗2026-04-16

▶

GHSA

UEFI Firmware Parser has a stack out-of-bounds write in tiano decompressor MakeTable↗2026-04-16

▶

📋Vendor Advisories

Red Hat

edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function↗2018-10-16

▶

Apple

CVE-2017-5734: macOS Mojave 10.14↗2018-09-24

▶

💬Community

Bugzilla

CVE-2017-5734 edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function↗2018-10-22

▶

Bugzilla

CVE-2017-5734 edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function [fedora-all]↗2018-10-22

▶

Bugzilla

CVE-2017-5734 edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function [epel-all]↗2018-10-22

▶