pkg:Debian/u-boot
共 49 筆 CVECRITICAL19HIGH19MEDIUM10LOW1
✅ 檢查你的版本
所有已知漏洞
- CRITICAL9.8CVE-2022-34835In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables th…from 0, < 2021.01+dfsg-5+deb11u1
- CRITICAL9.8CVE-2022-30767nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, l…from 0, < 2021.01+dfsg-5+deb11u1
- CRITICAL9.8CVE-2020-8432In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function.from 0, < 2020.01+dfsg-2
- from 0, < 2020.01+dfsg-1
- from 0, < 2020.01+dfsg-1
- from 0, < 2020.01+dfsg-1
- from 0, < 2020.01+dfsg-1
- from 0, < 2020.01+dfsg-1
- from 0, < 2020.01+dfsg-1
- from 0, < 2020.01+dfsg-1
- from 0, < 2021.01+dfsg-5+deb11u1
- from 0, < 2021.01+dfsg-5+deb11u1
- from 0, < 2020.01+dfsg-1
- from 0, < 2020.01+dfsg-1
- from 0, < 2020.01+dfsg-1
- from 0, < 2020.01+dfsg-1
- CRITICAL9.8CVE-2019-11059Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer overflow.from 0, < 2019.01+dfsg-6
- CRITICAL9.8CVE-2018-18439DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled.from 0
- from 0, < 2020.01+dfsg-1
- HIGH8.2CVE-2026-46728Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verification bypass because hashed-nodes is omitted from a hash.from 0
- from 0
- HIGH8.1CVE-2024-42040Buffer Overflow vulnerability in the net/bootp.c in DENEX U-Boot from its initial commit in 2002 (3861aa5) up to today on any platform allo…from 0
- HIGH7.8CVE-2024-57258Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size,…from 0, < 2021.01+dfsg-5+deb11u1
- HIGH7.8CVE-2022-33967squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability…from 0, < 2021.01+dfsg-5+deb11u1
- HIGH7.8CVE-2022-33103Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir().from 0, < 2021.01+dfsg-5+deb11u1
- HIGH7.8CVE-2022-30790Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552.from 0, < 2021.01+dfsg-5+deb11u1
- HIGH7.8CVE-2021-27138The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT.from 0, < 2021.01+dfsg-5+deb11u2
- from 0, < 2021.01+dfsg-5+deb11u2
- from 0, < 2021.01+dfsg-5+deb11u2
- HIGH7.8CVE-2020-10648Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a craf…from 0, < 2020.04+dfsg-1
- HIGH7.8CVE-2019-13106Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stac…from 0, < 2020.01+dfsg-1
- HIGH7.8CVE-2019-13105Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a cached block of data when listing files in a crafted ext4 filesystem.from 0, < 2020.01+dfsg-1
- HIGH7.8CVE-2019-13104In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including…from 0, < 2020.01+dfsg-1
- HIGH7.8CVE-2018-18440DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer overflow via a crafted kernel image because filesystem loading is mishandl…from 0
- HIGH7.6CVE-2025-24857Improper access control for volatile memory containing boot code in Universal Boot Loader (U-Boot) before 2017.11 and Qualcomm chips IPQ401…from 0, < 2017.11+dfsg1-2
- from 0, < 2021.01+dfsg-5+deb11u1
- HIGH7.1CVE-2019-13103A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the st…from 0, < 2020.01+dfsg-1
- HIGH7.0CVE-2018-3968An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2.from 0, < 2014.07+dfsg1-1
- MEDIUM6.8CVE-2024-57259sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory l…from 0, < 2021.01+dfsg-5+deb11u1
- MEDIUM6.8CVE-2024-57256An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafte…from 0, < 2021.01+dfsg-5+deb11u1
- MEDIUM6.8CVE-2024-57255An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of…from 0, < 2021.01+dfsg-5+deb11u1
- MEDIUM6.8CVE-2024-57254An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs files…from 0, < 2021.01+dfsg-5+deb11u1
- MEDIUM6.5CVE-2025-45512A lack of signature verification in the bootloader of DENX Software Engineering Das U-Boot (U-Boot) v1.1.3 allows attackers to install craf…from 0
- MEDIUM6.4CVE-2017-3226Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file.from 0
- MEDIUM5.9CVE-2019-11690gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in…from 0, < 2019.01+dfsg-6
- from 0, < 2021.01+dfsg-5+deb11u1
- MEDIUM5.5CVE-2018-1000205U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified…from 0
- MEDIUM4.6CVE-2017-3225Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file.from 0
- LOW2.4CVE-2024-57257A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting.from 0, < 2021.01+dfsg-5+deb11u1