2 matches found
Important: edk2
Issue Overview: A missing check leads to an out-of-bounds read and write flaw in NetworkPkg/DnsDxe as shipped in edk2, when it parses DNS responses. A remote attacker who controls the DNS server used by the vulnerable firmware may use this flaw to make the system crash. CVE-2018-3613 improper DNS...
edk2: Privilege escalation via processing of malformed files in TianoCompress.c
Bounds checking in Tianocompress before November 7, 2017 may allow an authenticated user to potentially enable an escalation of privilege via local access...