Veracode Vulnerability DatabaseVERACODE:39725Denial Of Service (DoS)
7.1 High
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
3.7 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
27.6%
u-boot is vulnerable to Denial Of Service (DoS). The vulnerability exists because the U-Boot DFU implementation does not bind the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command, allowing an attacker to write beyond the heap-allocated request buffer through the maliciously crafted USB DFU download setup packet with a wLength greater than 4096 bytes
| CPE | Name | Operator | Version |
|---|---|---|---|
| u-boot:sid | eq | 2020.10+dfsg-1+b1 | |
| u-boot:sid | eq | 2020.10+dfsg-1+b1 |
Related
7.1 High
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
3.7 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
27.6%