CVE-2019-14199Integer Underflow (Wrap or Wraparound) in U-boot

CWE-191Integer Underflow (Wrap or Wraparound)5 documents5 sources
Severity
9.8CRITICALNVD
EPSS
0.5%
top 32.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Denx U-bootDebian U-bootMsrc Azl3 Qemu 8.2.0-16 ON Azure Linux 3.0+1 more
Timeline
PublishedJul 31
Latest updateMay 24

Description

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

debiandebian/u-boot< u-boot 2020.01+dfsg-1 (bookworm)
Debiandenx/u-boot< 2020.01+dfsg-1+3
NVDdenx/u-boot2019.07

🔴Vulnerability Details

2
GHSA
GHSA-hv5p-q6m7-g94m: An issue was discovered in Das U-Boot through 20192022-05-24
OSV
CVE-2019-14199: An issue was discovered in Das U-Boot through 20192019-07-31

📋Vendor Advisories

2
Microsoft
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call.2019-07-09
Debian
CVE-2019-14199: u-boot - An issue was discovered in Das U-Boot through 2019.07. There is an unbounded mem...2019