VYPR

U Boot

by Denx

CVEs (32)

  • CVE-2024-57258 | High | Feb 18, 2025
    risk 0.46 | cvss 7.1 | epss 0.00

    Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64.

  • CVE-2024-57256 | High | Feb 18, 2025
    risk 0.46 | cvss 7.1 | epss 0.00

    An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.

  • CVE-2019-13103 | High | Jul 29, 2019
    risk 0.39 | cvss 7.1 | epss 0.00

    A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data.

  • CVE-2022-30552 | Medium | Jun 8, 2022
    risk 0.36 | cvss 5.5 | epss 0.00

    Das U-Boot 2022.01 has a Buffer Overflow.

  • CVE-2025-45512 | Aug 5, 2025
    risk 0.00 | cvss | epss 0.00

    A lack of signature verification in the bootloader of DENX Software Engineering Das U-Boot (U-Boot) v1.1.3 allows attackers to install crafted firmware files, leading to arbitrary code execution.

  • CVE-2024-57255 | Feb 18, 2025
    risk 0.00 | cvss | epss 0.00

    An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.

  • CVE-2024-57254 | Feb 18, 2025
    risk 0.00 | cvss | epss 0.00

    An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem.

  • CVE-2024-57257 | Feb 18, 2025
    risk 0.00 | cvss | epss 0.00

    A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting.

  • CVE-2024-57259 | Feb 18, 2025
    risk 0.00 | cvss | epss 0.00

    sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory listing because the path separator is not considered in a size calculation.

  • CVE-2022-33967 | Jul 20, 2022
    risk 0.00 | cvss | epss 0.01

    squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. Loading a specially crafted squashfs image may lead to a denial-of-service (DoS) condition…

  • CVE-2018-18439 | Nov 20, 2018
    risk 0.00 | cvss | epss 0.02

    DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. Also, local exploitation can occur via a crafted kernel image.

  • CVE-2018-18440 | Nov 20, 2018
    risk 0.00 | cvss | epss 0.01

    DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer overflow via a crafted kernel image because filesystem loading is mishandled.
