CVE-2021-28211
published 2021-06-11CVE-2021-28211: A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.
medium6.7CVSS 3.1
AVLACLPRHUINSUCHIHAH
A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | edk2 | < edk2 2020.11-1 (bookworm) | edk2 2020.11-1 (bookworm) |
| msrc | cbl2_qemu_6.2.0-24_on_cbl_mariner_2.0 | — | — |
| tianocore | edk2 | — | — |
| tianocore | edk2 | >= 0 < 2020.11-1 | 2020.11-1 |
| tianocore | edk2 | >= 0 < 2020.11-1 | 2020.11-1 |
| tianocore | edk2 | >= 0 < 2020.11-1 | 2020.11-1 |
| tianocore | edk2 | >= 0 < 2020.11-1 | 2020.11-1 |
| tianocore | edk2 | >= 0 < 0~20191122.bd85bf54-2ubuntu3.6 | 0~20191122.bd85bf54-2ubuntu3.6 |
| tianocore | edk2 | >= 0 < 0~20191122.bd85bf54-2ubuntu3.2 | 0~20191122.bd85bf54-2ubuntu3.2 |
| tianocore | edk2 | >= 0 < 2022.02-3ubuntu0.22.04.3 | 2022.02-3ubuntu0.22.04.3 |
| tianocore | edk2 | >= 0 < 0~20160408.ffea0a2c-2ubuntu0.2+esm3 | 0~20160408.ffea0a2c-2ubuntu0.2+esm3 |
| tianocore | edk2 | >= 0 < 0~20180205.c0d9813c-2ubuntu0.3+esm2 | 0~20180205.c0d9813c-2ubuntu0.3+esm2 |
| tianocore | edk_ii | — | — |
CVSS provenance
nvdv3.16.7MEDIUMCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH