CVE-2018-18439Improper Restriction of Operations within the Bounds of a Memory Buffer in U-boot

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
0.4%
top 40.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Denx U-bootDebian U-boot
Timeline
PublishedNov 20
Latest updateMay 14

Description

DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. Also, local exploitation can occur via a crafted kernel image.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDdenx/u-boot< 2018.09+1
debiandebian/u-boot

🔴Vulnerability Details

2
GHSA
GHSA-vqxq-jmxf-f53r: DENX U-Boot through 20182022-05-14
OSV
CVE-2018-18439: DENX U-Boot through 20182018-11-20

📋Vendor Advisories

1
Debian
CVE-2018-18439: u-boot - DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a...2018
CVE-2018-18439 — Denx U-boot vulnerability | cvebase