CVE-2017-5735Out-of-bounds Write in Apple Macos Mojave

CWE-787Out-of-bounds WriteCWE-287Improper AuthenticationCWE-617Reachable Assertion9 documents4 sources
Severity
7.8HIGHGHSA
No vector
EPSS
No EPSS data
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple Macos Mojave
Timeline
PublishedApr 16

Description

UEFI Firmware Parser has a heap out-of-bounds write in tiano decompressor ReadCLen `uefi-firmware` contains a heap out-of-bounds write vulnerability in the native tiano/EFI decompressor. in `uefi_firmware/compression/Tiano/Decompress.c`, `ReadCLen()` reads `Number = GetBits(Sd, CBIT)` with `CBIT = 9`, so `Number` can be as large as `511`, while the destination array `Sd->mCLen` has `NC = 510` elements. the loop writes while `Index mCLen[Index++] = 0`. Reachability is through the normal parsing

Affected Packages1 packages

Appleapple/macos_mojave10.14

🔴Vulnerability Details

2
GHSA
UEFI Firmware Parser has a heap out-of-bounds write in tiano decompressor ReadCLen2026-04-16
GHSA
UEFI Firmware Parser has a stack out-of-bounds write in tiano decompressor MakeTable2026-04-16

📋Vendor Advisories

3
Red Hat
edk2: Privilege escalation via heap-based buffer overflow in Decode() function2018-10-16
Apple
CVE-2017-5735: macOS Mojave 10.142018-09-24
Red Hat
bind: Assertion failure in validator.c due to incorrect handling of DNSSEC validation2018-02-19

💬Community

4
Bugzilla
CVE-2017-5735 edk2: Privilege escalation via heap-based buffer overflow in Decode() function2018-10-22
Bugzilla
CVE-2017-5735 edk2: Privilege escalation via heap-based buffer overflow in Decode() function [fedora-all]2018-10-22
Bugzilla
CVE-2017-5735 edk2: Privilege escalation via heap-based buffer overflow in Decode() function [epel-all]2018-10-22
Bugzilla
CVE-2018-5735 bind: Assertion failure in validator.c due to incorrect handling of DNSSEC validation2018-03-05