CVE-2018-12181: Out-of-bounds Write in Firmware Interface Development KIT

Severity
6.0 MEDIUM (NVD)
EPSS
0.1%
top 65.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 27
Latest update: May 13

Description

Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Exploitability: 0.8 | Impact: 5.2

Affected Packages: 2 packages

Patches

🔴 Vulnerability Details (4)

GHSA
GHSA-wf68-vxvr-9r6g: Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local acc (2022-05-13)
OSV
edk2 vulnerabilities (2020-04-30)
OSV
CVE-2018-12181: Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local acc (2019-03-27)
CVEList
CVE-2018-12181: Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local acc (2019-03-27)

📋 Vendor Advisories (3)

Ubuntu
EDK II vulnerabilities (2020-04-30)
Red Hat
edk2: Stack buffer overflow with corrupted BMP (2019-03-07)
Debian
CVE-2018-12181: edk2 - Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potent... (2018)

💬 Community (3)

Bugzilla
CVE-2018-12181 edk2: Stack buffer overflow with corrupted BMP [epel-all] (2019-03-08)
Bugzilla
CVE-2018-12181 edk2: Stack buffer overflow with corrupted BMP [fedora-all] (2019-03-08)
Bugzilla
CVE-2018-12181 edk2: Stack buffer overflow with corrupted BMP (2019-03-08)