Note:
This project will be discontinued after December 13, 2021. [more]
Product:
U\-Boot
(Denx)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 36 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-07-24 | CVE-2017-3225 | Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt the data. Das U-Boot's AES-CBC encryption feature uses a zero (0) initialization vector. This allows an attacker to perform dictionary attacks on encrypted data produced by Das U-Boot to learn... | U\-Boot | 4.6 | ||
| 2019-08-06 | CVE-2019-13105 | Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a cached block of data when listing files in a crafted ext4 filesystem. | U\-Boot | 7.8 | ||
| 2019-07-31 | CVE-2019-14204 | An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply. | U\-Boot | 9.8 | ||
| 2019-07-31 | CVE-2019-14203 | An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply. | U\-Boot | 9.8 | ||
| 2019-07-31 | CVE-2019-14202 | An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_readlink_reply. | U\-Boot | 9.8 | ||
| 2019-07-31 | CVE-2019-14201 | An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply. | U\-Boot | 9.8 | ||
| 2019-07-31 | CVE-2019-14200 | An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply. | U\-Boot | 9.8 | ||
| 2019-07-31 | CVE-2019-14199 | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call. | U\-Boot | 9.8 | ||
| 2019-07-31 | CVE-2019-14198 | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv3 case. | U\-Boot | 9.8 | ||
| 2019-07-31 | CVE-2019-14197 | An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply. | U\-Boot | 9.1 |