61 matches found
USN-6523-1 u-boot-nezha vulnerability
It was discovered that U-Boot incorrectly handled certain USB DFU download setup packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2022-2347 Nicolas Bidron and Nicolas Guigo discovered that U-Boot...
USN-6523-1: u-boot-nezha vulnerability
It was discovered that U-Boot incorrectly handled certain USB DFU download setup packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2022-2347 Nicolas Bidron and Nicolas Guigo discovered that U-Boot...
Ubuntu 22.04 LTS / 23.04 : u-boot-nezha vulnerability (USN-6523-1)
The remote Ubuntu 22.04 LTS / 23.04 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6523-1 advisory. It was discovered that U-Boot incorrectly handled certain USB DFU download setup packets. A local attacker could use this issue to cause U-Boot t...
CVE-2022-3007
The vulnerability exists in Syska SW100 Smartwatch due to an improper implementation and/or configuration of Nordic Device Firmware Update DFU which is used for performing Over-The-Air OTA firmware updates on the Bluetooth Low Energy BLE devices. An unauthenticated attacker could exploit this...
Information disclosure
The vulnerability exists in Syska SW100 Smartwatch due to an improper implementation and/or configuration of Nordic Device Firmware Update DFU which is used for performing Over-The-Air OTA firmware updates on the Bluetooth Low Energy BLE devices. An unauthenticated attacker could exploit this...
Denial Of Service (DoS)
u-boot is vulnerable to Denial Of Service DoS. The vulnerability exists because the U-Boot DFU implementation does not bind the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command, allowing an attacker to write...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : U-Boot vulnerabilities (USN-5764-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5764-1 advisory. It was discovered that U-Boot incorrectly handled certain USB DFU download setup packets. A local attacker could use this issue t...
USN-5764-1: U-Boot vulnerabilities
It was discovered that U-Boot incorrectly handled certain USB DFU download setup packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2022-2347 Nicolas Bidron and Nicolas Guigo discovered that U-Boot...
CVE-2022-39344 Azure RTOS USBX vulnerable to buffer overflow
Azure RTOS USBX is a USB host, device, and on-the-go OTG embedded stack, that is fully integrated with Azure RTOS ThreadX. Prior to version 6.1.12, the USB DFU UPLOAD functionality may be utilized to introduce a buffer overflow resulting in overwrite of memory contents. In particular cases this m...
CVE-2022-2347
There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download...
CVE-2022-2347
There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download...
CVE-2022-2347
There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download...
Cross site request forgery (csrf)
There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download...
UBUNTU-CVE-2022-2347
There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download...
CVE-2022-2347
CVE-2022-2347 affects U-Boot’s USB DFU download path: an unchecked wLength > 4096 can cause a heap overflow by writing beyond the heap-allocated request buffer. Affected component is U-Boot DFU handling; attack requires physical access via USB. Some advisories (Debian, EulerOS, Huawei EulerOS,...
CVE-2022-2347 Unchecked Download size in Uboot
There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download...
CVE-2022-2347 Unchecked Download size in Uboot
There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download...
CVE-2022-2347 Unchecked Download size in Uboot
There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download...
CVE-2022-2347
There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download...
PT-2022-16011 · U-Boot +4 · U-Boot +4
Name of the Vulnerable Software and Affected Versions: UBoot affected versions not specified Description: The issue is related to an unchecked length field in UBoot's DFU implementation. Specifically, the U-Boot DFU implementation does not bound the length field in USB DFU download setup packets,...