CVE-2019-13103: Uncontrolled Recursion in U-boot

Severity: 7.1 HIGH (NVD)
EPSS: 0.1% (top 77.95%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jul 29
Latest update: May 24

Description

A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Exploitability: 1.8 | Impact: 5.2

Affected Packages (3 packages)

NVD: denx/u-boot < 2019.04 (+2 more)
debian: debian/u-boot < u-boot 2020.01+dfsg-1 (bookworm)
Debian: denx/u-boot < 2020.01+dfsg-1 (+3 more)


Vulnerability Details (2)

GHSA, 2022-05-24: GHSA-wfjv-jm8j-274f: A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019...
OSV, 2019-07-29: CVE-2019-13103: A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019...

Vendor Advisories (2)

CISA ICS, 2019-12-10: Siemens RUGGEDCOM ROS (Update A)
Debian, 2019: CVE-2019-13103: u-boot - A crafted self-referential DOS partition table will cause all Das U-Boot version...