CVE-2018-12178 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Firmware Interface Development KIT

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125 — Out-of-bounds Read CWE-787 — Out-of-bounds Write11 documents8 sources

Severity

9.1CRITICALNVD

EPSS

0.4%

top 36.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tianocore Edk2 Extensible Firmware Interface Development KIT

Timeline

PublishedMar 27

Latest updateMay 14

Description

Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages3 packages

▶Debiantianocore/edk2< 0~20181115.85588389-3+3

▶Ubuntutianocore/edk2< 0~20160408.ffea0a2c-2ubuntu0.1+1

▶CVEListV5extensible_firmware_interface_development_kit/extensible_firmware_interface_development_kitN/A

Patches

Patch: edk2-docs.gitbooks.io ↗Patch: edk2-docs.gitbooks.io ↗

🔴Vulnerability Details

GHSA

GHSA-85f7-wwh2-8hrc: Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via net↗2022-05-14

▶

OSV

edk2 vulnerabilities↗2020-04-30

▶

CVEList

CVE-2018-12178: Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via net↗2019-03-27

▶

OSV

CVE-2018-12178: Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via net↗2019-03-27

▶

📋Vendor Advisories

Ubuntu

EDK II vulnerabilities↗2020-04-30

▶

Red Hat

edk2: improper DNS packet size check↗2019-02-26

▶

Debian

CVE-2018-12178: edk2 - Buffer overflow in network stack for EDK II may allow unprivileged user to poten...↗2018

▶

💬Community

Bugzilla

CVE-2018-12178 edk2: improper DNS packet size check↗2019-02-26

▶

Bugzilla

CVE-2018-12178 edk2: improper DNS packet size check [epel-all]↗2019-02-26

▶

Bugzilla

CVE-2018-12178 edk2: improper DNS packet size check [fedora-all]↗2019-02-26

▶