CVE-2019-14562: Integer Overflow or Wraparound in Linux

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.0% (top 86.57%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 23; Latest update May 24

Description

Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (2 packages)

Debian: tianocore/edk2 < 2020.05-4+3
Ubuntu: tianocore/edk2 < 0~20160408.ffea0a2c-2ubuntu0.2+2

Also affects: Debian Linux 9.0

Vulnerability Details (4)

GHSA (2022-05-24): GHSA-57v4-px6g-hxrm: Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access
OSV (2021-01-07): edk2 vulnerabilities
OSV (2020-11-23): CVE-2019-14562: Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access
CVEList (2020-11-23): CVE-2019-14562: Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access

Vendor Advisories (3)

Ubuntu (2021-01-07): EDK II vulnerabilities
Red Hat (2019-09-24): edk2: DxeImageVerificationHandler integer overflow leads to endless loop
Debian (2019): CVE-2019-14562: edk2 - Integer overflow in DxeImageVerificationHandler() EDK II may allow an authentica...

Community (3)

Bugzilla (2020-08-17): CVE-2019-14562 edk2: DxeImageVerificationHandler integer overflow leads to endless loop [epel-all]
Bugzilla (2020-08-17): CVE-2019-14562 edk2: DxeImageVerificationHandler integer overflow leads to endless loop [fedora-all]
Bugzilla (2020-08-17): CVE-2019-14562 edk2: DxeImageVerificationHandler integer overflow leads to endless loop