Barebox
Products
1- 12 CVEs
Recent CVEs
12| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-34963 | Hig | 0.55 | 8.4 | 0.00 | May 11, 2026 | barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where integer overflow in virtual image size computation using 32-bit arithmetic on section VirtualAddress and size values allows undersized heap… | ||
| CVE-2026-34960 | Med | 0.42 | 6.5 | 0.00 | May 11, 2026 | barebox prior to version 2026.04.0 contains an out-of-bounds read vulnerability in DHCP option parsing within the dhcp_message_type() function that fails to verify the options pointer remains within received packet bounds. An attacker on the same broadcast domain can send a… | ||
| CVE-2026-34962 | Med | 0.40 | 6.2 | 0.00 | May 11, 2026 | barebox version prior to 2026.04.0 contains a denial-of-service vulnerability in ext4 directory parsing in fs/ext4/ext4_common.c where the ext4fs_iterate_dir() function fails to validate that directory entry length values are non-zero. Attackers can supply a malicious ext4… | ||
| CVE-2026-34961 | Med | 0.40 | 6.2 | 0.00 | May 11, 2026 | barebox prior to version 2026.04.0 contains out-of-bounds read vulnerabilities in ext4 extent parsing due to missing validation of the eh_entries field against buffer capacity in fs/ext4/ext4_common.c. Attackers can supply a malicious ext4 filesystem image via USB, SD card, or… | ||
| CVE-2024-57262 | Hig | 0.39 | 7.1 | 0.00 | Feb 19, 2025 | In barebox before 2025.01.0, ext4fs_read_symlink has an integer overflow for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite, a related issue to CVE-2024-57256. | ||
| CVE-2024-57261 | Hig | 0.39 | 7.1 | 0.00 | Feb 19, 2025 | In barebox before 2025.01.0, request2size in common/dlmalloc.c has an integer overflow, a related issue to CVE-2024-57258. | ||
| CVE-2026-33243 | 0.00 | — | 0.00 | Mar 20, 2026 | barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 (and the corresponding backport to 2025.09.3), an attacker could exploit a FIT signature verification vulnerability to trick the bootloader into booting different images than those that were… | |||
| CVE-2021-37848 | 0.00 | — | 0.02 | Aug 2, 2021 | common/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp is used during hash comparison. | |||
| CVE-2021-37847 | 0.00 | — | 0.02 | Aug 2, 2021 | crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is used during digest verification. | |||
| CVE-2020-13910 | 0.00 | — | 0.01 | Jun 7, 2020 | Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfs_read_reply in net/nfs.c because a field of an incoming network packet is directly used as a length field without any bounds check. | |||
| CVE-2019-15937 | 0.00 | — | 0.02 | Sep 5, 2019 | Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_reply in net/nfs.c because a length field is directly used for a memcpy. | |||
| CVE-2019-15938 | 0.00 | — | 0.02 | Sep 5, 2019 | Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_req in fs/nfs.c because a length field is directly used for a memcpy. |
- risk 0.55cvss 8.4epss 0.00
barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where integer overflow in virtual image size computation using 32-bit arithmetic on section VirtualAddress and size values allows undersized heap…
- risk 0.42cvss 6.5epss 0.00
barebox prior to version 2026.04.0 contains an out-of-bounds read vulnerability in DHCP option parsing within the dhcp_message_type() function that fails to verify the options pointer remains within received packet bounds. An attacker on the same broadcast domain can send a…
- risk 0.40cvss 6.2epss 0.00
barebox version prior to 2026.04.0 contains a denial-of-service vulnerability in ext4 directory parsing in fs/ext4/ext4_common.c where the ext4fs_iterate_dir() function fails to validate that directory entry length values are non-zero. Attackers can supply a malicious ext4…
- risk 0.40cvss 6.2epss 0.00
barebox prior to version 2026.04.0 contains out-of-bounds read vulnerabilities in ext4 extent parsing due to missing validation of the eh_entries field against buffer capacity in fs/ext4/ext4_common.c. Attackers can supply a malicious ext4 filesystem image via USB, SD card, or…
- risk 0.39cvss 7.1epss 0.00
In barebox before 2025.01.0, ext4fs_read_symlink has an integer overflow for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite, a related issue to CVE-2024-57256.
- risk 0.39cvss 7.1epss 0.00
In barebox before 2025.01.0, request2size in common/dlmalloc.c has an integer overflow, a related issue to CVE-2024-57258.
- CVE-2026-33243Mar 20, 2026risk 0.00cvss —epss 0.00
barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 (and the corresponding backport to 2025.09.3), an attacker could exploit a FIT signature verification vulnerability to trick the bootloader into booting different images than those that were…
- CVE-2021-37848Aug 2, 2021risk 0.00cvss —epss 0.02
common/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp is used during hash comparison.
- CVE-2021-37847Aug 2, 2021risk 0.00cvss —epss 0.02
crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is used during digest verification.
- CVE-2020-13910Jun 7, 2020risk 0.00cvss —epss 0.01
Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfs_read_reply in net/nfs.c because a field of an incoming network packet is directly used as a length field without any bounds check.
- CVE-2019-15937Sep 5, 2019risk 0.00cvss —epss 0.02
Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_reply in net/nfs.c because a length field is directly used for a memcpy.
- CVE-2019-15938Sep 5, 2019risk 0.00cvss —epss 0.02
Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_req in fs/nfs.c because a length field is directly used for a memcpy.