Skip to main content

U Boot CVE-2019-14199

CRITICAL
Integer Underflow (CWE-191)
2019-07-31 cve@mitre.org
9.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 31, 2019 - 13:15 cve.org
CRITICAL 9.8

DescriptionCVE.org

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call.

AnalysisAI

An issue was discovered in Das U-Boot through 2019.07. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-191. An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call. Affected products include: Denx U-Boot. Version information: through 2019.07..

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in U Boot

View all
CVE-2022-34835 CRITICAL POC
9.8 Jun 30

In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md"

CVE-2022-30790 HIGH POC
7.8 Jun 08

Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552. Rated high severity (CVSS 7.8), this vu

CVE-2020-10648 HIGH POC
7.8 Mar 19

Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images

CVE-2022-30767 CRITICAL POC
9.8 May 16

nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a fai

CVE-2018-18439 CRITICAL POC
9.8 Nov 20

DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traf

CVE-2022-2347 HIGH POC
7.7 Sep 23

There exists an unchecked length field in UBoot. Rated high severity (CVSS 7.7), this vulnerability is no authentication

CVE-2019-14193 CRITICAL
9.8 Jul 31

An issue was discovered in Das U-Boot through 2019.07. Rated critical severity (CVSS 9.8), this vulnerability is remotel

CVE-2019-14203 CRITICAL
9.8 Jul 31

An issue was discovered in Das U-Boot through 2019.07. Rated critical severity (CVSS 9.8), this vulnerability is remotel

CVE-2019-14202 CRITICAL
9.8 Jul 31

An issue was discovered in Das U-Boot through 2019.07. Rated critical severity (CVSS 9.8), this vulnerability is remotel

CVE-2019-14201 CRITICAL
9.8 Jul 31

An issue was discovered in Das U-Boot through 2019.07. Rated critical severity (CVSS 9.8), this vulnerability is remotel

CVE-2019-14200 CRITICAL
9.8 Jul 31

An issue was discovered in Das U-Boot through 2019.07. Rated critical severity (CVSS 9.8), this vulnerability is remotel

CVE-2019-14196 CRITICAL
9.8 Jul 31

An issue was discovered in Das U-Boot through 2019.07. Rated critical severity (CVSS 9.8), this vulnerability is remotel

Share

CVE-2019-14199 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy