CVE-2018-18440Improper Restriction of Operations within the Bounds of a Memory Buffer in U-boot

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 66.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Denx U-bootDebian U-boot
Timeline
PublishedNov 20
Latest updateMay 13

Description

DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer overflow via a crafted kernel image because filesystem loading is mishandled.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDdenx/u-boot2018.07+1
debiandebian/u-boot

🔴Vulnerability Details

2
GHSA
GHSA-2q5w-j6vh-gmvc: DENX U-Boot through 20182022-05-13
OSV
CVE-2018-18440: DENX U-Boot through 20182018-11-20

📋Vendor Advisories

2
CISA ICS
Siemens RUGGEDCOM ROS (Update A)2019-12-10
Debian
CVE-2018-18440: u-boot - DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer overflow via a ...2018
CVE-2018-18440 — Denx U-boot vulnerability | cvebase