106 matches found
CVE-2026-33243 barebox: FIT Signature Verification Bypass Vulnerability
barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the corresponding backport to 2025.09.3, an attacker could exploit a FIT signature verification vulnerability to trick the bootloader into booting different images than those that were verified as part of a...
CVE-2026-33243
Barebox contains a vulnerability in the FIT signing flow: during mkimage, the hashed-nodes property of the FIT signature node is computed, but the hashed-nodes value is not itself protected by the hash. An attacker can modify hashed-nodes to influence which nodes were reported as hashed, potentia...
CVE-2026-33243
barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the corresponding backport to 2025.09.3, an attacker could exploit a FIT signature verification vulnerability to trick the bootloader into booting different images than those that were verified as part of a...
CVE-2026-33243 barebox: FIT Signature Verification Bypass Vulnerability
barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the corresponding backport to 2025.09.3, an attacker could exploit a FIT signature verification vulnerability to trick the bootloader into booting different images than those that were verified as part of a...
EUVD-2026-13893
barebox is a bootloader. In barebox from version 2016.03.0 to before version 2025.09.3 and from version 2025.10.0 to before version 2026.03.1, when creating a FIT, mkimage1 sets the hashed-nodes property of the FIT signature node to list which nodes of the FIT were hashed as part of the signing...
CVE-2026-33243
Removed by vendor...
CVE-2026-33243 barebox: FIT Signature Verification Bypass Vulnerability
barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the corresponding backport to 2025.09.3, an attacker could exploit a FIT signature verification vulnerability to trick the bootloader into booting different images than those that were verified as part of a...
CVE-2026-33243
barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the corresponding backport to 2025.09.3, an attacker could exploit a FIT signature verification vulnerability to trick the bootloader into booting different images than those that were verified as part of a...
Barebox 数据伪造问题漏洞
Barebox is a versatile and flexible bootloader developed by Barebox Open Source. Versions of Barebox before 2025.09.3 and 2026.03.1 contained a data manipulation vulnerability. This vulnerability stemmed from the fact that the hashed-nodes attribute set by mkimage during the creation of FIT was n...
PT-2026-26702
Name of the Vulnerable Software and Affected Versions barebox versions 2016.03.0 through 2025.09.2 barebox versions 2025.10.0 through 2026.03.0 Description barebox is a bootloader. When creating a FIT Firmware Image Table, the mkimage1 function sets the hashed-nodes property of the FIT signature...
EUVD-2020-6117
Malware in sbrugna...
EUVD-2019-6839
Malware in sbrugna...
EUVD-2019-6840
Malware in sbrugna...
EUVD-2021-24326
Malware in sbrugna...
EUVD-2021-24327
Malware in sbrugna...
EUVD-2025-4755
Malicious code in bioql PyPI...
CVE-2021-37847
crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is used during digest verification...
CVE-2021-37848
common/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp is used during hash comparison...
CVE-2020-13910
Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfsreadreply in net/nfs.c because a field of an incoming network packet is directly used as a length field without any bounds check...
CVE-2019-15937
Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfsreadlinkreply in net/nfs.c because a length field is directly used for a memcpy...