CVE-2019-14192 CRITICAL

Published: 2019-07-31 | Last Modified: 2026-05-12 | Status: Modified

Description

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call.

Additional Descriptions (1)

Se detectó un problema en Das U-Boot hasta versión 2019.07. Se presenta un memcpy ilimitado cuando se analiza un paquete UDP debido a un subdesbordamiento de enteros en la función net_process_received_packet durante una llamada de nc_input_packet.

CVSS Metrics

Base Score: 7.5 (HIGH)

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector	NETWORK
Access Complexity	LOW
Authentication	NONE
Confidentiality Impact	PARTIAL
Integrity Impact	PARTIAL
Availability Impact	PARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 10.0

Impact Score: 6.4

Weaknesses

Source	Type	Description
[email protected]	Primary	en CWE-191 en CWE-787

Affected Products

Vendor	Product	Version	Update	Type
denx	u-boot	*	<built-in method update of dict object at 0x7b067dd97a40>	Application

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:denx:u-boot::::::::`

References

https://blog.semmle.com/uboot-rce-nfs-vulnerability/
Source: [email protected]

Third Party Advisory
https://gitlab.com/u-boot/u-boot
Source: [email protected]

Third Party Advisory
https://blog.semmle.com/uboot-rce-nfs-vulnerability/
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
https://gitlab.com/u-boot/u-boot
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
https://cert-portal.siemens.com/productcert/html/ssa-577017.html
Source: 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e