VYPR
Vendor

Barebox

Products
1
CVEs
12
Across products
12
Status
Private

Products

1

Recent CVEs

12
  • CVE-2026-34963HigMay 11, 2026
    risk 0.55cvss 8.4epss 0.00

    barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where integer overflow in virtual image size computation using 32-bit arithmetic on section VirtualAddress and size values allows undersized heap…

  • CVE-2026-34960MedMay 11, 2026
    risk 0.42cvss 6.5epss 0.00

    barebox prior to version 2026.04.0 contains an out-of-bounds read vulnerability in DHCP option parsing within the dhcp_message_type() function that fails to verify the options pointer remains within received packet bounds. An attacker on the same broadcast domain can send a…

  • CVE-2026-34962MedMay 11, 2026
    risk 0.40cvss 6.2epss 0.00

    barebox version prior to 2026.04.0 contains a denial-of-service vulnerability in ext4 directory parsing in fs/ext4/ext4_common.c where the ext4fs_iterate_dir() function fails to validate that directory entry length values are non-zero. Attackers can supply a malicious ext4…

  • CVE-2026-34961MedMay 11, 2026
    risk 0.40cvss 6.2epss 0.00

    barebox prior to version 2026.04.0 contains out-of-bounds read vulnerabilities in ext4 extent parsing due to missing validation of the eh_entries field against buffer capacity in fs/ext4/ext4_common.c. Attackers can supply a malicious ext4 filesystem image via USB, SD card, or…

  • CVE-2024-57262HigFeb 19, 2025
    risk 0.39cvss 7.1epss 0.00

    In barebox before 2025.01.0, ext4fs_read_symlink has an integer overflow for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite, a related issue to CVE-2024-57256.

  • CVE-2024-57261HigFeb 19, 2025
    risk 0.39cvss 7.1epss 0.00

    In barebox before 2025.01.0, request2size in common/dlmalloc.c has an integer overflow, a related issue to CVE-2024-57258.

  • CVE-2026-33243Mar 20, 2026
    risk 0.00cvss epss 0.00

    barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 (and the corresponding backport to 2025.09.3), an attacker could exploit a FIT signature verification vulnerability to trick the bootloader into booting different images than those that were…

  • CVE-2021-37848Aug 2, 2021
    risk 0.00cvss epss 0.02

    common/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp is used during hash comparison.

  • CVE-2021-37847Aug 2, 2021
    risk 0.00cvss epss 0.02

    crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is used during digest verification.

  • CVE-2020-13910Jun 7, 2020
    risk 0.00cvss epss 0.01

    Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfs_read_reply in net/nfs.c because a field of an incoming network packet is directly used as a length field without any bounds check.

  • CVE-2019-15937Sep 5, 2019
    risk 0.00cvss epss 0.02

    Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_reply in net/nfs.c because a length field is directly used for a memcpy.

  • CVE-2019-15938Sep 5, 2019
    risk 0.00cvss epss 0.02

    Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_req in fs/nfs.c because a length field is directly used for a memcpy.