rpm package
opensuse/u-boot-p2371-2180&distro=openSUSE Leap 15.3
pkg:rpm/opensuse/u-boot-p2371-2180&distro=openSUSE%20Leap%2015.3
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-33967 | — | < 2021.01-150300.7.15.1 | 2021.01-150300.7.15.1 | Jul 20, 2022 | squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. Loading a specially crafted squashfs image may lead to a denial-of-service (DoS) condition | ||
| CVE-2022-33103 | — | < 2021.01-150300.7.18.1 | 2021.01-150300.7.18.1 | Jul 1, 2022 | Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir(). | ||
| CVE-2022-34835 | Cri | 9.8 | < 2021.01-150300.7.15.1 | 2021.01-150300.7.15.1 | Jun 30, 2022 | In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_md function. | |
| CVE-2022-30790 | Hig | 7.8 | < 2021.01-150300.7.12.1 | 2021.01-150300.7.12.1 | Jun 8, 2022 | Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552. | |
| CVE-2022-30552 | Med | 5.5 | < 2021.01-150300.7.12.1 | 2021.01-150300.7.12.1 | Jun 8, 2022 | Das U-Boot 2022.01 has a Buffer Overflow. | |
| CVE-2022-30767 | — | < 2021.01-150300.7.12.1 | 2021.01-150300.7.12.1 | May 16, 2022 | nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196. |
- CVE-2022-33967Jul 20, 2022affected < 2021.01-150300.7.15.1fixed 2021.01-150300.7.15.1
squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. Loading a specially crafted squashfs image may lead to a denial-of-service (DoS) condition
- CVE-2022-33103Jul 1, 2022affected < 2021.01-150300.7.18.1fixed 2021.01-150300.7.18.1
Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir().
- affected < 2021.01-150300.7.15.1fixed 2021.01-150300.7.15.1
In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_md function.
- affected < 2021.01-150300.7.12.1fixed 2021.01-150300.7.12.1
Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552.
- affected < 2021.01-150300.7.12.1fixed 2021.01-150300.7.12.1
Das U-Boot 2022.01 has a Buffer Overflow.
- CVE-2022-30767May 16, 2022affected < 2021.01-150300.7.12.1fixed 2021.01-150300.7.12.1
nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196.