An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.
...
Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir().
...
Linux Distros Unpatched Vulnerability : CVE-2024-57255
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting ...
Linux Distros Unpatched Vulnerability : CVE-2024-57254
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem. CVE-2024-57254...
CVE-2022-33103
Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir...
OESA-2025-1211 uboot-tools security update
This package includes the mkimage program, which allows generation of U-Boot images in various formats, and the fw_printenv and fw_setenv programs to read and modify U-Boot's environment. Security Fixes: An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink siz...
DEBIAN-CVE-2024-57259
sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory listing because the path separator is not considered in a size calculation...
UBUNTU-CVE-2024-57254
An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem...
UBUNTU-CVE-2024-57255
An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite...
CVE-2023-40481
7-Zip SquashFS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...
CVE-2023-40481 7-Zip SquashFS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
7-Zip SquashFS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...
PT-2023-4490 · Igor Pavlov +1 · 7-Zip +1
Name of the Vulnerable Software and Affected Versions: 7-Zip, affected versions not specified. Description: This issue allows remote attackers to execute arbitrary code on affected installations of 7-Zip. User interaction is required to exploit this issue, where the target must visit a malicious pa...
UBUNTU-CVE-2022-33103
Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir...
PT-2022-21691 · Unknown +5 · Das U-Boot +5
Name of the Vulnerable Software and Affected Versions: Das U-Boot versions 2020.10 through 2022.07-rc3. Description: The issue is related to an out-of-bounds write via the function sqfs_readdir. Recommendations: For Das U-Boot versions 2020.10 through 2022.07-rc3, consider disabling the sqfs_readd...
Das U-Boot Buffer Error Vulnerability
Das U-Boot is a boot loader program mainly for embedded systems. The program supports many different computer system architectures such as PPC, ARM, AVR32, MIPS, x86, 68k, Nios & MicroBlaze. A security vulnerability exists in Das U-Boot versions v2020.10 through v2022.07-rc3. An attacker can...
Netgear NETGEAR OS Command Injection Vulnerability
Netgear NETGEAR is a router from the American company Netgear, a hardware device that connects two or more networks and acts as a gateway between them. A security vulnerability exists in NETGEAR devices: they can be exploited by unauthenticated attackers to inject...